
8 matches found

OSV
added 2022/06/20 6:20 p.m., 6 views

MAL-2022-497 Malicious code in @passit/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63edaf30d1342edaea9754ea5bff2122c582b88298d610da8efa3d3ffd9d5eb9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

Hacker One
added 2019/04/06 11:37 a.m., 33 views

Passit: URL is vulnerable to clickjacking https://app.passit.io/

URLs do not have X-FRAME-OPTIONS set to DENY or SAMEORIGIN, and they are vulnerable to clickjacking. Reproduce steps: 1. enter your credentials and click on stay logged into this device then login 2. Run under the browser's code and you will see that the listed links are vulnerable to clickjackin...

AI score: 0.6
Exploits: 0

Hacker One
added 2018/05/30 1:44 a.m., 17 views

Passit: Insecure opening of external links in app.passit.io/list allows for reverse tabnabbing

Description https://app.passit.io/list renders external links under attacker control that open in a new tab such that the opened tab has access to the opening tab where the user was just browsing on app.passit.io via window.opener. This is likely due to the lack of specifying a rel="noopener"...

AI score: 6.9
Exploits: 0

Hacker One
added 2018/05/22 1:47 p.m., 6 views

Passit: Missing HSTS (Strict Transport Security)

Added HSTS headers...

AI score: 1.6
Exploits: 0

Hacker One
added 2018/05/19 10:54 p.m., 23 views

Passit: X-Content-Type-Options has not been set at app.passit.io

Hi, the HTTP header X-Content-Type-Options is missing. Impact: Your website http://app.passit.io/ doesn't have a header setting for X-Content-Type-Options, which means it is vulnerable to MIME sniffing. The only defined value, 'nosniff', prevents Internet Explorer and Google Chrome from MIME-sniffi...

AI score: 0.1
Exploits: 0

Hacker One
added 2018/04/15 9:51 a.m., 29 views

Passit: Session not changed after password reset

Hey, I've found a session management in app.passit.io, which can lead to session takeover! Issue: When the password of an account is changed from a session, other sessions don't expire! Steps To Reproduce: 1 we need to use two different browsers ex:- 1...

AI score: 0.4
Exploits: 0

Hacker One
added 2018/04/13 9:2 a.m., 13 views

Passit: app.passit.io is vulnerable against Brute Force password guessing attack

Summary: app.passit.io is vulnerable against Brute Force password guessing attack. Description: Hello! I have found out that your login functionality is vulnerable against brute force attack. This is especially dangerous in your case because an attacker can get all of users passwords if they brute...

AI score: 0.4
Exploits: 0

Hacker One
added 2018/04/11 5:55 a.m., 8 views

Passit: Authentication Required When password change

Description of the issue: I have found that when changing password in passit account there is no Authentication process by asking current password or any other confirmation. If a user leaves their computer or account is still active in insecure place, or if account is hijacked or if CSRF is...

AI score: 1.8
Exploits: 0