VulnPilot

VulnPilot VulnPilot is an automation framework for vulnerabil...

Malicious code in mcp-server-notion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2 Package occupies the unscoped name mcp-server-notion to catch misrouted installs of the scoped MCP Notion server. package.json declares "postinstall"...

an-website (>=24.12.0 <=25.2.0), graphtomation (>=0.0.6 <=0.2.0) +5 more potentially affected by CVE-2021-47952 via jsonpickle (>=4.0.0 <=4.0.1)

jsonpickle PYPI version =4.0.0, =24.12.0, =0.0.6, =4.0.0, =0.1.0, =0.1.1, =0.5.8, =0.5.9 Source cves: CVE-2021-47952 Source advisory: SNYK:PYTHON-JSONPICKLE-16755449...

Security Insights Where Work Happens: Notion Custom Agents + Wiz MCP

Bring Wiz cloud security insights into your Notion workspace with Custom Agents — enabling automated reporting, investigation, and security workflows where teams already work...

CVE-2026-25020

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

CVE-2026-25020

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...

CVE-2026-25020

CVE-2026-25020 affects the WordPress WP Sync for Notion plugin up to version 1.7.0. The Red Hat, CVE, NVD, and PT Security entries all describe a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels in WP Sync for Notion, allo...

CVE-2026-25020 WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...

CVE-2026-25020 WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...

CVE-2026-25020

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...

EUVD-2026-5305

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...

WordPress plugin WP Sync for Notion 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-6251

Name of the Vulnerable Software and Affected Versions WP Sync for Notion versions through 1.7.0 Description An issue exists in WP Sync for Notion where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. Recommendations Update WP...

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

CVE-2025-69207

CVE-2025-69207 concerns Khoj, a self-hosted AI app. Pre-2.0.0-beta.23, an IDOR in the Notion OAuth callback lets an attacker hijack a user’s Notion integration by manipulating the OAuth callback’s state parameter. The endpoint accepts any user UUID without verifying the initiated OAuth flow, enab...

CVE-2025-69207 Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...