leads
27 leads · 6 pending
| Severity | Title | Target | CVSS | Pre-req | Triage | AI Triage | File |
|---|---|---|---|---|---|---|---|
| critical | SSRF in /api/webhooks/subscribe reaches 169.254.169.254 | acme-shop | 9.8* | None | pending | VALID | src/webhooks/subscribe.ts |
| critical | open redirect→OAuth state reuse→full account takeover | acme-shop | 9.6 | None | valid | VALID | src/auth/oauth.ts |
| critical | Auth bypass via JWT `none` algorithm in fallback path | docs-api | 9.4 | None | valid | VALID | internal/auth/verify.go |
| high | IDOR on /users/:id/export reveals PII for any user | patient-portal | 8.6* | Low | pending | VALID | src/api/users.ts |
| high | IDOR leaks user IDs→predictable session token→impersonate any user | patient-portal | 8.9* | Low | pending | VALID | src/session/sign.ts |
| high | SQL injection in sort= parameter on search endpoint | acme-shop | 8.1 | None | valid | VALID | src/api/search.ts |
| critical | SSRF in webhook→IMDS token→IAM escalation to admin | ingest-svc | 9.9* | None | valid | VALID | src/webhooks/*.ts |
| high | Stored XSS in markdown comment renderer | docs-api | 7.4 | Low | pending | NEEDS_INFO | src/render/md.tsx |
| medium | CORS wildcard + credentials enabled on /api/v2/* | acme-shop | 6.5 | None | low-impact | LOW_IMPACT | src/server/cors.ts |
| medium | Unvalidated redirect in OAuth callback state | banksite-web | 6.1 | None | pending | NEEDS_INFO | src/auth/oauth.ts |
| medium | Race in password-reset: two tokens live simultaneously | patient-portal | 5.9 | Low | pending | VALID | src/api/reset.ts |
| low | Verbose error stack leaks internal file paths | ingest-svc | 3.7 | None | valid | VALID | internal/errors.go |
| low | Cookie set without `Secure` flag on /subscribe | banksite-web | 3.1 | None | n/a | — | src/server/cookies.ts |
| medium | Open redirect via `next` query parameter on /login | docs-api | 4.7 | None | n/a | — | src/auth/login.ts |
| low | X-Frame-Options missing on marketing subdomain | acme-shop | 2.6 | None | n/a | — | edge/headers.ts |