Lucene search
K

70 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2013-4718

Malware in sbrugna...

5CVSS6.4AI score0.02072EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-28617

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00428EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 3:22 a.m.10 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

6.1CVSS5.8AI score0.00428EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 5:38 a.m.4 views

CVE-2015-9433

The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php...

6.5CVSS6.2AI score0.00859EPSS
Exploits1References1
hackerone
hackerone
added 2024/10/30 5:51 p.m.48 views

Automattic: Open redirect via redirect_to parameter in tumblr.com

The Tumblr website was affected by an open redirect vulnerability that allowed an attacker to redirect users to a specified URL through the "redirectto" parameter. This vulnerability could have been exploited to conduct phishing attacks or distribute malware...

7AI score
Exploits0
nvd
nvd
added 2023/05/29 3:15 a.m.22 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

6.1CVSS6AI score0.00428EPSS
Exploits0References2
attackerkb
attackerkb
added 2023/05/29 3:15 a.m.5 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

6.1CVSS5.9AI score0.00428EPSS
Exploits0References3
prion
prion
added 2023/05/29 3:15 a.m.17 views

Cross site scripting

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

5.8CVSS5.9AI score0.00428EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/05/29 12:0 a.m.26 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

6.1AI score0.00428EPSS
Exploits0References2
osv
osv
added 2023/05/29 12:0 a.m.18 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

6.1CVSS5.9AI score0.00428EPSS
Exploits0References4
cve
cve
added 2023/05/29 12:0 a.m.57 views

CVE-2023-24602

Open-Xchange OX App Suite prior to frontend 7.10.6-rev24 is affected by CVE-2023-24602, a cross-site scripting (XSS) vulnerability in the Tumblr portal widget that could affect data such as a post title. The issue is documented across multiple sources, with remediation guidance indicating to upgr...

6.1CVSS5.9AI score0.00428EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/05/29 12:0 a.m.8 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

5.8AI score0.00428EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/05/29 12:0 a.m.5 views

PT-2023-19704 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev24 Description: The issue allows for XSS via data to the Tumblr portal widget, such as a post title. Recommendations: For versions prior to 7.10.6-rev24, update to version 7.10.6-rev24 or later to...

6.1CVSS6AI score0.00428EPSS
Exploits0References5
kitploit
kitploit
added 2022/03/29 11:30 a.m.45 views

Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose

Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socidextractor --url https://www.deviantart.com/muse1908 country: France createdat: 2005-06-16 18:17:41 gender: female username: Muse1908 website:...

7.5AI score
Exploits0References9
hackerone
hackerone
added 2022/02/18 3:44 a.m.37 views

Automattic: De-anonymize anonymous tips through the Tumblr blog network

Hey y’all! 👋 Hope all is well! Summary: I noticed that, if you send an anonymous tip through the Tumblr dashboard, you can be de-anonymized through the notes view on the blog network & maybe elsewhere?. Platforms Affected: All platforms, but requires a blog that is served on the blog network. Ste...

0.4AI score
Exploits0
hackerone
hackerone
added 2021/08/28 7:15 p.m.33 views

Automattic: Ability to subscribe to inactive Post+ creators

Hey y'all! 👋 Hope all is well! Summary: In testing Tumblr's Post+, I've found that it's possible to subscribe to creators that, at one point, opted into Post+ but had opted out after some point. As I note later on, it appears that this is a "one time use only" as the Payment URL becomes invalid...

Exploits0
threatpost
threatpost
added 2021/03/19 2:52 p.m.33 views

CopperStealer Malware Targets Facebook and Instagram Business Accounts

A malware that until now has gone undocumented has been quietly hijacking online accounts of advertisers and users of Facebook, Apple, Amazon, Google and other web giants since July 2019 and then using them for nefarious activity, researchers have found. Dubbed CopperStealer, the malware acts...

7AI score
Exploits0References7
hackerone
hackerone
added 2020/09/17 7:35 p.m.61 views

Automattic: Tab nabbing via window.opener.location (target "_blank")

Summary: When you open a link using target="blank", the page that opens in a new tab get access to the initial tab and change its location using the window.opener.location function. Platforms Affected: website Steps To Reproduce for the first target blank: 1. First target "blank" 1. On...

Exploits0
kitploit
kitploit
added 2020/01/26 9:0 p.m.181 views

Socialscan - Check Email Address And Username Availability On Online Platforms With 100% Accuracy

socialscan offers accurate and fast checks for email address and username usage on online platforms. Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Features that differentiate socialscan from similar tools e.g. knowem.com,...

7.2AI score
Exploits0References1
hackerone
hackerone
added 2019/12/20 7:25 a.m.71 views

Automattic: Follow by email allows for following by unverified emails

The initial report outlined being able to add any email to a Tumblr account without verifying it first which is expected behavior that does not pose a security risk. However, the reporter also reported that these unverified emails were able to be used in our “follow by email” feature which we did...

1AI score
Exploits0
Rows per page
Query Builder