
7 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-0303

Malicious code in bioql PyPI...

CVSS 7.7 · AI score 5.6 · EPSS 0.00665
Exploits 1 · References 5
Vulnrichment
added 2023/01/11 7:49 p.m. · 7 views

CVE-2023-22487 Post mentions can be used to read any post on the forum without access control

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...

CVSS 7.7 · AI score 7.5 · EPSS 0.00665
Exploits 1 · References 2
Cvelist
added 2023/01/11 7:49 p.m. · 40 views

CVE-2023-22487 Post mentions can be used to read any post on the forum without access control

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...

CVSS 7.7 · AI score 7.5 · EPSS 0.00665
Exploits 1 · References 2
OSV
added 2023/01/11 7:49 p.m. · 25 views

CVE-2023-22487 Post mentions can be used to read any post on the forum without access control

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...

CVSS 7.7 · AI score 5.4 · EPSS 0.00665
Exploits 1 · References 4
CVE
added 2023/01/11 7:49 p.m. · 115 views

CVE-2023-22487

Concrete details show that Flarum, via the flarum/mentions extension, leaks the full JSON:API payload of all mentioned posts in certain API responses (POST /api/posts, PATCH /api/posts/) regardless of access rights. Affected are all Flarum versions prior to 1.6.3; mitigation is to upgrade to flar...

CVSS 7.7 · AI score 4.7 · EPSS 0.00665
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/01/10 12:0 a.m. · 5 views

PT-2023-18538 · Flarum · Flarum

Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.6.3.
Description: The issue concerns the mentions feature provided by the flarum/mentions extension, which allows users to mention any post ID on the forum using a special syntax. This feature leaks the discussion ID...

CVSS 7.7 · AI score 4.9 · EPSS 0.00665
Exploits 1 · References 8
IBM Security Bulletins
added 2018/06/15 7:7 a.m. · 20 views

Security Bulletin: HTML injection vulnerability in IBM Business Process Manager (BPM) - CVE-2017-1424

Summary: IBM BPM allows users to interact with one another without fully removing HTML markup. This might allow controlling parts of the user interface, possibly script injection.
Vulnerability Details: CVEID: CVE-2017-1424. DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site...

CVSS 5.4 · AI score 0.4 · EPSS 0.00729
Exploits 0 · Affected Software 3