2005 matches found

FreeBSD
added 2023/01/16 12:0 a.m. · 24 views

Spotipy -- Path traversal vulnerability

Stéphane Bruckert If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended...

CVSS 4.3 · AI score 5.2 · EPSS 0.00653
Exploits: 1 · References: 2

OSV
added 2023/01/13 6:15 a.m. · 6 views

CVE-2022-3841

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an...

CVSS 7.8 · AI score 5.8 · EPSS 0.0023
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/13 12:0 a.m. · 4 views

PT-2023-15114 · Unknown · Dynamic Transaction Queuing System

Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/ajax.php?action=save window" API endpoint...

CVSS 7.2 · AI score 7.1 · EPSS 0.00821
Exploits: 1 · References: 4

Positive Technologies
added 2023/01/13 12:0 a.m. · 6 views

PT-2023-15109 · Unknown · Helmet Store Showroom Site

Name of the Vulnerable Software and Affected Versions: Helmet Store Showroom Site version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete category" API endpoint. Recommendations:...

CVSS 7.2 · AI score 7 · EPSS 0.00821
Exploits: 1 · References: 5

CVE
added 2023/01/11 8:38 p.m. · 89 views

CVE-2022-3841

CVE-2022-3841 is an unauthenticated SSRF in the RHACM console API endpoint of Red Hat Advanced Cluster Management for Kubernetes. The vulnerability arises from a missing authentication check on the console API, enabling unauthenticated requests. CVSSv3.1 base score is 7.8 (High), with LOCAL attac...

CVSS 7.8 · AI score 7.8 · EPSS 0.0023
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/12/30 12:0 a.m. · 4 views

PT-2022-28019 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda A15 version 15.13.07.13 Description: A stack overflow issue was discovered in the security parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Tenda A15 version 15.13.07.13, consider restricting access to the...

CVSS 9.8 · AI score 9.6 · EPSS 0.00873
Exploits: 1 · References: 2

Positive Technologies
added 2022/12/26 12:0 a.m. · 5 views

PT-2022-23535 · Unknown · Password Manager For Iis

Name of the Vulnerable Software and Affected Versions: Password Manager for IIS version 2.0 Description: The issue is a cross-site scripting (XSS) vulnerability. It occurs via the "/isapi/PasswordManager.dll" API endpoint, specifically through the ResultURL parameter. This allows for potential...

CVSS 6.1 · AI score 6.1 · EPSS 0.03767
Exploits: 5 · References: 7

Talos
added 2022/12/21 12:0 a.m. · 43 views

Ghost unauthorized newsletter modification vulnerability

Talos Vulnerability Report TALOS-2022-1624: Ghost unauthorized newsletter modification vulnerability. December 21, 2022. CVE Number: CVE-2022-41654. Summary: An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

CVSS 9.6 · AI score 5 · EPSS 0.18914
Exploits: 1

Positive Technologies
added 2022/12/20 12:0 a.m. · 6 views

PT-2022-27894 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the entrys parameter at the "/goform/addressNat" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, consider restricting access to the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00815
Exploits: 1 · References: 4

Positive Technologies
added 2022/12/20 12:0 a.m. · 4 views

PT-2022-27903 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the deviceId parameter at the "/goform/saveParentControlInfo" API endpoint. This issue allows for potential exploitation. Recommendations: For Tenda F1203...

CVSS 7.5 · AI score 7.5 · EPSS 0.00815
Exploits: 1 · References: 3

Positive Technologies
added 2022/12/20 12:0 a.m. · 5 views

PT-2022-27888 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the speed dir parameter at the "/goform/SetSpeedWan" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, as a temporary workaround, consider...

CVSS 7.5 · AI score 7.6 · EPSS 0.00815
Exploits: 1 · References: 3

Positive Technologies
added 2022/12/20 12:0 a.m. · 3 views

PT-2022-27899 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the page parameter at the "/goform/NatStaticSetting" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, consider restricting access to the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00815
Exploits: 1 · References: 4

Positive Technologies
added 2022/12/20 12:0 a.m. · 5 views

PT-2022-27897 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the mitInterface parameter at the "/goform/addressNat" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, as a temporary workaround, consider...

CVSS 7.5 · AI score 7.6 · EPSS 0.00815
Exploits: 1 · References: 3

Positive Technologies
added 2022/12/14 12:0 a.m. · 6 views

PT-2022-27748 · Unknown · Helmet Store Showroom Site

Name of the Vulnerable Software and Affected Versions: Helmet Store Showroom Site version 1.0 Description: The issue is related to SQL Injection. It can be exploited via the "/hss/admin/categories/view category.php?id=" API endpoint, specifically through the id variable. Recommendations: For Helm...

CVSS 7.2 · AI score 6.9 · EPSS 0.00726
Exploits: 1 · References: 3

Positive Technologies
added 2022/12/14 12:0 a.m. · 3 views

PT-2022-27743 · Unknown · Helmet Store Showroom Site

Name of the Vulnerable Software and Affected Versions: Helmet Store Showroom Site version 1.0 Description: The issue is related to SQL Injection. It can be exploited via the "/hss/?page=product per brand&bid=" API endpoint. The bid variable is vulnerable to SQL Injection attacks. Recommendations:...

CVSS 7.2 · AI score 7.1 · EPSS 0.00726
Exploits: 1 · References: 3

Positive Technologies
added 2022/12/14 12:0 a.m. · 4 views

PT-2022-24424 · Unknown · Logrocket-Oauth2-Example

Name of the Vulnerable Software and Affected Versions: logrocket-oauth2-example versions prior to 2020-05-27 Description: The issue allows SQL injection via the /auth/register API endpoint, specifically through the username parameter. Recommendations: For versions prior to 2020-05-27, as a...

CVSS 9.8 · AI score 9.8 · EPSS 0.14132
Exploits: 1 · References: 6

Positive Technologies
added 2022/12/12 12:0 a.m. · 3 views

PT-2022-27454 · Unknown · Dynamic Transaction Queuing System

Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0 Description: The issue is related to an arbitrary file upload vulnerability in the "/queuing/admin/ajax.php?action=save settings" API endpoint. This vulnerability allows attackers to execute...

CVSS 7.2 · AI score 7.2 · EPSS 0.15323
Exploits: 1 · References: 4

Positive Technologies
added 2022/12/08 12:0 a.m. · 3 views

PT-2022-27565 · Tenda · Tenda W30E

Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the page parameter at the "/goform/L7Im" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, as a temporary workaround, consider restricting...

CVSS 7.5 · AI score 7.6 · EPSS 0.00859
Exploits: 1 · References: 3

Positive Technologies
added 2022/12/08 12:0 a.m. · 3 views

PT-2022-27555 · Tenda · Tenda W30E

Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the page parameter at the "/goform/P2pListFilter" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, as a temporary workaround, consider...

CVSS 7.5 · AI score 7.4 · EPSS 0.00859
Exploits: 1 · References: 3

Positive Technologies
added 2022/12/08 12:0 a.m. · 6 views

PT-2022-27545 · Tenda · Tenda W6-S

Name of the Vulnerable Software and Affected Versions: Tenda W6-S version 1.0.0.4510 Description: A stack overflow issue was discovered, which can be triggered via the linkEn parameter at the "/goform/setAutoPing" API endpoint. Recommendations: For Tenda W6-S version 1.0.0.4510, avoid using the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00859
Exploits: 1 · References: 2