Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/05/26 2:12 a.m.7 views

CVE-2026-23696

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...

9.9CVSS7.8AI score0.00105EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/07 6:31 p.m.0 views

EUVD-2026-19748

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...

9.9CVSS6.4AI score0.00105EPSS
Exploits0References8
RedhatCVE
RedhatCVEadded 2026/01/13 10:52 p.m.2 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS7AI score0.00068EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/20 6:23 p.m.3 views

CVE-2025-62645

The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

9.9CVSS6.8AI score0.00199EPSS
Exploits1References1
NVD
NVDadded 2025/10/17 9:15 p.m.2 views

CVE-2025-62645

The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

9.9CVSS0.00199EPSS
Exploits1References5
EUVD
EUVDadded 2025/10/17 12:0 a.m.2 views

EUVD-2025-34928

The Restaurant Brands International RBI assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation...

9.9CVSS6.3AI score0.00199EPSS
Exploits1References6
Vulnrichment
Vulnrichmentadded 2024/07/01 9:33 p.m.14 views

CVE-2024-39314 toy-blog administrative token leaked through the command line parameter

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

4.7CVSS7.2AI score0.00091EPSS
Exploits0References2
Rows per page
Query Builder