8 matches found

CNNVD
added 2026/05/18 12:0 a.m. | 7 views

DumbAssets Cross-Site Scripting Vulnerability

DumbAssets is a physical asset tracking and management tool developed by DumbWare. DumbAssets versions 1.0.11 and earlier contain a cross-site scripting vulnerability. The vulnerability stems from a stored cross-site scripting issue in asset fields. It allowed attackers to create o...

CVSS 6.1 | AI score 5.9 | EPSS 0.00186
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/20 1:18 p.m. | 1 view

CVE-2025-14376

A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024...

CVSS 8.6 | AI score 5.2 | EPSS 0.00126
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/20 12:13 a.m. | 7 views

CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site...

CVSS 6.4 | AI score 6.7 | EPSS 0.00316
Exploits: 1 | References: 1
Cvelist
added 2025/12/19 12:0 a.m. | 21 views

CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site...

CVSS 6.4 | EPSS 0.00316
Exploits: 1 | References: 6
CVE
added 2025/12/19 12:0 a.m. | 12 views

CVE-2025-67842

The CVE describes a vulnerability in Mintlify Platform’s Static Asset API where, prior to 2025-11-15, any tenant’s assets could be served on another tenant’s documentation site via the subdomain parameter, enabling remote arbitrary web script or HTML injection. Affected component: Static Asset AP...

CVSS 6.4 | AI score 6.2 | EPSS 0.00316
Exploits: 1 | References: 6 | Affected Software: 1
Positive Technologies
added 2025/12/18 12:0 a.m. | 5 views

PT-2025-52403

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site...

CVSS 6.4 | AI score 6.7 | EPSS 0.00316
Exploits: 1 | References: 7
OSV
added 2025/01/19 3:15 a.m. | 1 view

CVE-2024-45652

IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 7.5 | AI score 5.9 | EPSS 0.00763
Exploits: 0 | References: 1
CNNVD
added 2024/06/13 12:0 a.m. | 3 views

Dell Secure Connect Gateway SQL Injection Vulnerability

Dell Secure Connect Gateway is a secure connectivity gateway from Dell, Inc. A SQL injection vulnerability exists in Dell Secure Connect Gateway versions prior to 5.22.00.00. It stems from a SQL injection in the internal Asset REST API and could be exploited by a remote attacker to execute...

CVSS 8.8 | AI score 7.9 | EPSS 0.0047
Exploits: 0 | References: 2