
9 matches found

Huntr
added 2022/06/07 10:15 p.m., 20 views

Account Takeover via Webhook Handlebars + API Reset Password

Description: Through the Webhook functionality, the attacker is able to use Handlebars to capture sensitive user data. Capturing the emailverificationtoken, which through the API I found the PasswordForget function, enabling account takeover via password reset. Steps: 1. - Create Table 2. - Select...

CVSS 6.8, AI score 0.3, EPSS 0.01073
Exploits: 1

Hacker One
added 2021/07/03 5:36 p.m., 17 views

Glassdoor: CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com

Summary: It is possible to load an arbitrary .css file, bypassing the protections by adding the domain https://www.glassdoor.com in a parameter/path. Affected URL or select Asset from In-Scope: -...

AI score 0.4
Exploits: 0

Veracode
added 2019/06/10 3:56 a.m., 4 views

Malicious Package

leaflet-gpx contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

AI score 6.9
Exploits: 0

Veracode
added 2019/06/10 3:55 a.m., 8 views

Malicious Package

angular-location-update contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

AI score 6.9
Exploits: 0

Veracode
added 2019/06/10 3:55 a.m., 9 views

Malicious Package

github-jquery-widgets contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

AI score 6.9
Exploits: 0

Veracode
added 2019/06/10 3:55 a.m., 8 views

Malicious Package

vue-backbone contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

AI score 6.9
Exploits: 0

Veracode
added 2019/06/10 3:55 a.m., 7 views

Malicious Package

mx-nested-menu contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

AI score 6.9
Exploits: 0

Veracode
added 2019/06/10 3:42 a.m., 13 views

Malicious Package

ngx-pica contains malicious code. The code when executed in the browser will capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

AI score 6.9
Exploits: 0

Kitploit
added 2015/07/18 3:21 p.m., 22 views

BetterCap - A complete, modular, portable and easily extensible MITM framework

BetterCap is an attempt to create a complete, modular, portable and easily extensible MITM framework with every kind of feature that could be needed while performing a man in the middle attack. It's currently able to sniff and print from the network the following information: URLs being visited. HTT...

AI score 7.2
Exploits: 0, References: 1