49 matches found
CVE-2026-49471
Serena exposes an unauthenticated Flask API on a fixed port prior to v1.5.2, with no authentication, CSRF protection, or Host header validation. A DNS rebinding attack can reach this API from any browser and write arbitrary content to the agent’s persistent memory store, which the agent may read ...
CVE-2026-49471 Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...
EUVD-2014-0373
Malware in sbrugna...
EUVD-2004-2554
Malware in sbrugna...
EUVD-2018-11326
Malware in sbrugna...
EUVD-2014-0374
Malware in sbrugna...
EUVD-2023-50943
Malicious code in bioql PyPI...
CVE-2023-46776
Cross-Site Request Forgery CSRF vulnerability in Serena Villa Auto Excerpt everywhere plugin = 1.5 versions...
CVE-2019-10296
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2024-31151
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be...
serena.bookingonline.fi Cross Site Scripting vulnerability OBB-3882444
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
serena.bookingonline.fi Cross Site Scripting vulnerability OBB-3872940
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
serena.bookingonline.fi Cross Site Scripting vulnerability OBB-3862121
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
iesmarserena.es Improper Access Control vulnerability OBB-3822310
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-46776
Cross-Site Request Forgery CSRF vulnerability in Serena Villa Auto Excerpt everywhere plugin = 1.5 versions...
CVE-2023-46776
Cross-Site Request Forgery CSRF vulnerability in Serena Villa Auto Excerpt everywhere plugin = 1.5 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Serena Villa Auto Excerpt everywhere plugin = 1.5 versions...
CVE-2023-46776
CVE-2023-46776: CSRF in WordPress plugin Auto Excerpt Everywhere (versions
PT-2023-30205 · WordPress · Serena Villa Auto Excerpt Everywhere Plugin
Name of the Vulnerable Software and Affected Versions: Serena Villa Auto Excerpt everywhere plugin versions = 1.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions ...
serena.bookingonline.fi Cross Site Scripting vulnerability OBB-3464591
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...