Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Japan Vulnerability Notes
Japan Vulnerability Notesadded 2024/04/23 12:0 a.m.11 views

JVN#24683352: TvRock vulnerable to cross-site request forgery

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. Impact If a logged-in user of TVRock accesses a specially crafted page, unintended operatio...

4.3CVSS4.6AI score0.00152EPSS
Exploits0
Metasploit
Metasploitadded 2015/10/22 2:46 p.m.21 views

Safari User-Assisted Applescript Exec Attack

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by...

7.5CVSS7.2AI score0.78161EPSS
Exploits8
Metasploit
Metasploitadded 2014/03/04 11:2 p.m.13 views

Safari User-Assisted Download and Run Attack

This module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APPNAME" is an application downloaded from the internet. A...

10AI score
Exploits0
Rows per page
Query Builder