Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

40 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:42 p.m.7 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

8.5CVSS5.4AI score0.00213EPSS
Exploits0References1
NVD
NVDadded 2026/04/22 3:16 p.m.1 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

8.5CVSS0.00213EPSS
Exploits0References2
CVE
CVEadded 2026/04/22 12:0 a.m.2 views

CVE-2026-35548

GuardSix/Logpoint guardsix ODBC Enrichment Plugins before 5.2.1 contain a logic flaw: stored database credentials can be reused after changing target Host/IP/Port. When editing an existing Enrichment Source, previously stored credentials remain and can be redirected to unintended internal systems...

8.5CVSS5.7AI score0.00213EPSS
Exploits0References2Affected Software2
Cvelist
Cvelistadded 2026/04/22 12:0 a.m.27 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

0.00213EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/04/14 1:22 a.m.1 views

CVE-2026-40089

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...

9.9CVSS5.9AI score0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/09 7:43 p.m.0 views

CVE-2026-40089

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...

9.9CVSS6AI score0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/09 7:43 p.m.1 views

CVE-2026-40089 Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...

9.9CVSS5.9AI score0.00232EPSS
Exploits0References1
NVD
NVDadded 2026/04/02 8:16 p.m.4 views

CVE-2023-7343

Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision...

8.5CVSS0.00142EPSS
Exploits0References2
CVE
CVEadded 2026/04/02 7:56 p.m.8 views

CVE-2023-7343

The CVE-2023-7343 entry concerns the HiSecOS web server where an authenticated operator/auditor can escalate to administrator by sending specially crafted packets. The core issue is a privilege-escalation vulnerability that can grant full administrative access to the affected device. The provided...

8.5CVSS5.8AI score0.00142EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/03/29 12:0 a.m.5 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an authenticated operator with only operator.write privileges to access the administrator-specific browser profile management rout...

7.1CVSS5.8AI score0.00288EPSS
Exploits0References2
CNVD
CNVDadded 2026/03/26 12:0 a.m.2 views

OpenClaw Command Execution Vulnerability (CNVD-2026-16046)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a command execution vulnerability that can be exploited by an attacker to cause an authenticated operator to execute arbitrary parameters...

8.8CVSS6.2AI score0.00406EPSS
Exploits0
NVD
NVDadded 2026/03/21 1:17 a.m.1 views

CVE-2026-32051

OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...

8.8CVSS0.00412EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/03/18 12:0 a.m.4 views

OpenClaw 参数注入漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a command execution vulnerability that can be exploited by an attacker to cause an authenticated operator to execute arbitrary parameters...

8.8CVSS6.2AI score0.00406EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/02 12:0 a.m.4 views

PT-2026-26002

Summary A Windows system.run approval-integrity mismatch in the cmd.exe /c path could allow trailing arguments to execute while approval/audit text reflected only a benign command string. This requires an authenticated operator context using the approvals flow and a trusted Windows node. Affected...

8.8CVSS6.1AI score0.00406EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2026/02/05 12:0 a.m.6 views

PT-2026-6802

Name of the Vulnerable Software and Affected Versions Sliver versions prior to 1.6.11 Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. A path traversal issue exists in the website content subsystem, allowing an authenticated operator to read arbitra...

9.9CVSS5.8AI score0.27661EPSS
Exploits44References116
EUVD
EUVDadded 2025/11/11 9:30 a.m.2 views

EUVD-2025-74035

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account...

4.3CVSS6.4AI score0.0022EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/10/24 4:9 a.m.5 views

CVE-2025-47699

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

9.9CVSS6.3AI score0.00283EPSS
Exploits0References1
CVE
CVEadded 2025/10/23 3:38 a.m.10 views

CVE-2025-47699

CVE-2025-47699 affects Gallagher Command Centre Server via the Morpho integration. Root cause: Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497). Affected versions: 9.30 before 9.30.2482 (MR2), 9.20 before 9.20.2819 (MR4), 9.10 before 9.10.3672 (MR7), 9.00 befor...

9.9CVSS6AI score0.00283EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/23 3:38 a.m.4 views

EUVD-2025-35649

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

9.9CVSS5.8AI score0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/10/23 3:38 a.m.2 views

CVE-2025-47699

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

9.9CVSS6AI score0.00283EPSS
Exploits0References1
Rows per page
Query Builder