10 matches found

Vulnrichment
added 2026/05/04 5:42 p.m., 0 views

CVE-2026-41571 Note Mark: OIDC-registered users authenticated by submitting password "null"

Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt "null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password:...

CVSS 9.4, AI score 5.7, EPSS 0.00058
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/04 5:42 p.m., 1 view

CVE-2026-41571

Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt "null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password:...

CVSS 9.4, AI score 5.7, EPSS 0.00058
Exploits: 0, References: 3
Circl
added 2025/06/04 12:39 p.m., 10 views

CVE-2021-41571

creationtimestamp | type | source
---|---|---
2025-06-04 12:39:24+00:00 | seen | https://gist.github.com/Denovo1998/0b2ab59e46ce23a9fa4c61c5d866675f
2025-06-13 11:52:01+00:00 | seen | https://gist.github.com/Denovo1998/163e55b3a612873364a00cf0df5a1b95
...

CVSS 6.5, AI score 6.4, EPSS 0.00979
Exploits: 1, References: 2
RedhatCVE
added 2025/05/22 11:7 p.m., 9 views

CVE-2022-41571

An issue was discovered in EyesOfNetwork EON through 5.3.11. Local file inclusion can occur...

CVSS 9.8, AI score 6.8, EPSS 0.00763
Exploits: 0, References: 1
Circl
added 2022/09/28 2:36 a.m., 3 views

CVE-2022-41571

creationtimestamp | type | source
---|---|---
2022-09-28 02:36:26+00:00 | seen | https://t.me/cibsecurity/50543
...

CVSS 9.8, AI score 8.7, EPSS 0.00763
Exploits: 0, References: 1
CVE
added 2022/09/27 1:53 a.m., 61 views

CVE-2022-41571

EyesOfNetwork (EON)

CVSS 9.8, AI score 9.4, EPSS 0.00763
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2022/09/27 1:53 a.m., 6 views

CVE-2022-41571

An issue was discovered in EyesOfNetwork EON through 5.3.11. Local file inclusion can occur...

AI score 9.5, EPSS 0.00763
Exploits: 0, References: 1
Cvelist
added 2022/02/01 12:40 p.m., 16 views

CVE-2021-41571 Pulsar Admin API allows access to data from other tenants using getMessageById API

In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid id f...

AI score 6.4, EPSS 0.00979
Exploits: 1, References: 3
CVE
added 2022/02/01 12:40 p.m., 86 views

CVE-2021-41571

CVE-2021-41571 affects Apache Pulsar. The vulnerability arises from improper validation of the ledger id in the Admin API get-message-by-id, allowing a user to read BookKeeper data for tenants other than their own via the topic- and ledger-id context. Affected versions include Pulsar 2.8.0 and ol...

CVSS 6.5, AI score 6.2, EPSS 0.00979
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2022/01/31 5:58 p.m., 33 views

CVE-2021-41571

In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid id f...

CVSS 6.5, AI score 2.2, EPSS 0.00979
Exploits: 1, References: 3