Lucene search
+L

12 matches found

OSV
OSV
added 2026/05/29 1:32 p.m.4 views

CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...

8.3CVSS6.2AI score0.00136EPSS
Exploits0References3
Citrix
Citrix
added 2025/03/28 12:0 a.m.10 views

iOS Workspace App 2501.10 - How to Fix Login Hang at "Stay Signed In" Prompt

Users of the Citrix Workspace app on iOS devices may experience a hang or freeze at the "Stay Signed In" prompt after adding their Citrix Cloud workspace URL. The app becomes unresponsive, preventing users from selecting either "Allow" or "Deny."...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2017-4966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PC...

7.8CVSS5.6AI score0.00394EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/09 6:55 p.m.51 views

CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates

Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks eg. public wifi, malicious DNS servers may have all GraphQL...

6.8CVSS0.00182EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/05/21 2:29 p.m.39 views

Umbraco CMS Open Redirect Bypass Protection

Impact Umbraco have an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice, before the vulnerability is exposed. Affected Version = 8.18.5, = 10.5.0, = 12.0.0, = 13.0.0 Patches 8.18.14, 10.8.6, 12.3.10, 13.3.1...

6.1CVSS6.9AI score0.00375EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2023/07/31 2:27 p.m.3 views

USN-6265-1 rabbitmq-server vulnerability

It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials. An attacker could possibly use this issue to expose sensitive information...

7.8CVSS6.3AI score0.00394EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/26 12:0 a.m.56 views

Debian DLA-2710-1 : rabbitmq-server - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2710 advisory. - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF...

7.8CVSS5.4AI score0.04519EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 2020/08/03 12:15 p.m.6 views

grub2: Fail kernel validation without shim protocol

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim...

6.4CVSS7AI score0.01392EPSS
Exploits0References4
OSV
OSV
added 2018/04/30 1:29 p.m.3 views

CVE-2017-18262

Blackboard Learn Since at least 17th of October 2017 has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI...

6.1CVSS5.8AI score0.01469EPSS
Exploits1References3
0day.today
0day.today
added 2014/07/13 12:0 a.m.61 views

Facebook Brute Force with Customize Word Lists for Signed In Accounts

Brute Forcing is easy for Any Signed In Facebook Account at Firefox or Chrome. Usage Info Simple is that you just have to run on Developer Console of Google Chrome or Web Console of Firefox, Javascript Console of Safari, you name it. This is private exploit. You can buy it at https://0day.today...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2012/02/24 12:0 a.m.13 views

PHP Gift Registry 1.5.5 - SQL Injection

PHP Gift Registry 1.5.5 - SQL Injection Exploit Title: PHP Gift Registry 1.5.5 SQL Injection Date: 02/22/12 Author: G13 Software Link: https://sourceforge.net/projects/phpgiftreg/ Version: 1.5.5 Category: webapps php Vulnerability The userid parameter in the users.php file is vulnerable to SQL...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2011/10/19 6:5 p.m.8 views

Google Moving Gradually Toward Encrypted Search

Google is moving to make queries and results from the company’s immensely popular search engine encrypted by default in the coming weeks, but only for users signed into their Google Accounts. In a post on The Official Google Blog, the Mountain View based company claims signed-in users may begin...

0.6AI score
Exploits0References5
Rows per page
Query Builder