7 matches found

OSV, added 2026/05/19 7:49 p.m.

GHSA-HCF7-66RW-9F5R Turbo: Login callback CSRF/session fixation

Impact: Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the...

CVSS 5.1 | AI score 5.8 | EPSS 0.00021 | Exploits 0 | References 3
Snyk, added 2026/04/04 6:26 a.m.

Insufficient Verification of Data Authenticity

Overview: openclaw is 🦞 OpenClaw, a personal AI assistant. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the OAuth flow, where the PKCE verifier is reused as the OAuth state value and reflected back in the redirect URL. An attacker can obtai...

CVSS 8 | AI score 5.9 | EPSS 0.00036 | Exploits 0 | References 2
OSV, added 2025/09/15 2:48 p.m.

CLSA-2025-1757947715 php: Fix of 3 CVEs

- CVE-2017-9224: fix stack out-of-bounds read in the match_at function
- CVE-2017-9226: fix heap out-of-bounds write or read in the next_state_val function
- CVE-2017-9227: fix stack out-of-bounds read in the mbc_enc_len function...

CVSS 9.8 | AI score 6.8 | EPSS 0.01242 | Exploits 3 | References 1
RedhatCVE, added 2025/05/21 8:10 p.m.

CVE-2008-7310

Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability...

CVSS 5 | AI score 6.9 | EPSS 0.00158 | Exploits 0 | References 1
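The Spree entry describes classic mass assignment: a request hash is copied wholesale onto a model, so a parameter the user was never meant to control (the order's state) can be set from a modified URL and the payment step skipped. Spree is a Rails application; the following is an added example, not Spree's code, that reproduces the pattern in Node.js with a hypothetical order object: a Rails-style `order[...]` query parser, the vulnerable copy-everything update beside an allowlisted one, and a state machine that is the only path to `complete`. The state names, fields and the `order[...]` key format are assumptions for the demonstration.

```javascript
// Added example (not Spree's code): mass assignment of an order's state from
// a modified URL, beside the allowlisted update that prevents it.
const ORDER_STATES = ['cart', 'address', 'payment', 'complete']; // hypothetical checkout flow

function newOrder() {
  return { id: 1, state: 'cart', total: 49.99, paid: false, email: null, address: null };
}

// Parse Rails-style nested params, e.g. "order[state]=complete", into a flat hash.
function parseOrderParams(queryString) {
  const out = {};
  for (const [k, v] of new URLSearchParams(queryString)) {
    const m = /^order\[(\w+)\]$/.exec(k);
    if (m) out[m[1]] = v;
  }
  return out;
}

// Vulnerable: every key in the request becomes an attribute, so
// ?order[state]=complete moves the order past payment without paying.
function updateOrderMassAssign(order, params) {
  return Object.assign(order, params);
}

// Hardened: only user-editable attributes are copied from the request.
// state and paid are server-owned and never settable this way.
const PERMITTED = ['email', 'address'];
function updateOrderPermitted(order, params) {
  for (const key of PERMITTED) {
    if (Object.prototype.hasOwnProperty.call(params, key)) order[key] = params[key];
  }
  return order;
}

// The only legitimate way to change state: one step at a time, and the
// transition into 'complete' requires a successful payment result.
function advance(order, paymentResult) {
  const i = ORDER_STATES.indexOf(order.state);
  const next = ORDER_STATES[i + 1];
  if (!next) throw new Error('order already complete');
  if (next === 'complete') {
    if (!paymentResult || !paymentResult.success) throw new Error('payment required');
    order.paid = true;
  }
  order.state = next;
  return order;
}

// Constructed request: the attacker appends order[state]=complete to the URL.
function runScenario() {
  const params = parseOrderParams('order[email]=buyer@example.test&order[state]=complete');
  const vulnerable = updateOrderMassAssign(newOrder(), params);
  const hardened = updateOrderPermitted(newOrder(), params);
  return { vulnerableState: vulnerable.state, hardenedState: hardened.state }; // 'complete' vs 'cart'
}
```

The allowlist is deliberately a list of attribute names, not a denylist of dangerous ones: a new server-owned column added later is protected by default instead of becoming the next bypass.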
OSV, added 2021/06/09 2:15 p.m.

CVE-2021-27620

SAP Internet Graphics Service, versions 7.20, 7.20EXT, 7.53, 7.20EX2, 7.81, allows an unauthenticated attacker who has retrieved an existing system state value to submit a malicious IGS request over the network which, due to insufficient input validation in method Ups::AddPart, will trigger an...

CVSS 5.9 | AI score 7.3 | Exploits 0 | References 2
OSV, added 2020/03/23 2:15 p.m.

CVE-2019-5185

An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the state value extracted from the XML file is used as a...

CVSS 7 | AI score 7.3 | EPSS 0.00049 | Exploits 1 | References 1
OSV, added 2017/05/24 12:00 a.m.

UBUNTU-CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token and...

CVSS 9.8 | AI score 6.8 | EPSS 0.01242 | Exploits 1 | References 4