
7 matches found

PyPA
added 2026/04/15 7:16 p.m., 9 views

PYSEC-2026-156

Weblate is a web-based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...

CVSS 4.1, AI score 5.7, EPSS 0.0001
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2024/09/05 5:15 p.m., 9 views

PYSEC-2024-74

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contai...

CVSS 9.1, AI score 6.7, EPSS 0.82793
Exploits: 1, References: 2
OSV
added 2020/11/16 1:15 a.m., 15 views

CVE-2020-8259

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...

CVSS 8.1, AI score 7
Exploits: 0, References: 2
Hacker One
added 2020/05/16 8:43 a.m., 10 views

Mail.ru: User session access due to Oauth whitelist host bypass and postMessage

A destination for postMessage was not properly restricted on connect.mail.ru allowing cross-site access to session, as was shown for 3k.mail.ru application session. Both connect.mail.ru and 3k.mail.ru belong to Ext.B scope, this scope does not offer a bounty for attacks with client-side vectors on t...

Exploits: 0
Hacker One
added 2014/06/25 12:46 p.m., 52 views

HackerOne: Account takeover

Hello, I found another bug on hackerone. This time it is very dangerous and creative. Hope you will definitely love it. Any valid account on hackerone can be hacked. e.g. Co-founders @jobert and @michiel can also be hacked. I tried this one on my account only. Let's go to the point ... Things requir...

AI score 7.2
Exploits: 0
NVD
added 2009/01/22 4:30 p.m., 12 views

CVE-2009-0247

The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable...

CVSS 4.3, AI score 5.6, EPSS 0.00254
Exploits: 0, References: 3
Prion
added 2009/01/22 4:30 p.m., 15 views

Cross site scripting

The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable...

CVSS 4.3, AI score 5.8, EPSS 0.00254
Exploits: 0, References: 3