
8 matches found

Github Security Blog
added 2026/04/14 8:0 p.m., 3 views

free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions

Summary: An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface (SBI) to read Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details: The...

CVSS: 8.7, AI score: 6, EPSS: 0.00043
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2025/09/11 8:27 p.m., 2 views

CVE-2025-58765

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00085
Exploits: 0, References: 1
NVD
added 2025/09/09 9:15 p.m., 2 views

CVE-2025-58765

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

CVSS: 7.1, EPSS: 0.00085
Exploits: 0, References: 3
OSV
added 2025/09/09 8:16 p.m., 2 views

CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00085
Exploits: 0, References: 5
Github Security Blog
added 2024/05/30 8:0 p.m., 14 views

ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting

Failing to properly validate the HTTP host-header, TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, https enforcement, password reset links and many more. Since the host header itself is provided by the client...

AI score: 7.2
Exploits: 0, References: 8, Affected Software: 1
Positive Technologies
added 2024/05/30 12:0 a.m., 1 views

PT-2024-40384 · Typo3 Cms · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS (affected versions not specified). Description: The issue arises from the improper validation of the HTTP host-header in TYPO3 CMS, making it susceptible to host spoofing. The HTTP host-header is used by TYPO3 to generate absolute URLs...

CVSS: 6.1, AI score: 7
Exploits: 0, References: 9
OSV
added 2020/04/15 8:15 p.m., 2 views

CVE-2020-11663

CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00259
Exploits: 0, References: 4
PyPA
added 2019/04/06 8:29 p.m., 5 views

PYSEC-2019-201

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgihandler.py mishandle 404 errors...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00595
Exploits: 1, References: 6, Affected Software: 1