Lucene search

8 matches found

GitHub Security Blog
added 2026/03/19 12:44 p.m., 5 views

Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass

Details: A Path Traversal and Access Control Bypass vulnerability was discovered in the salvo-proxy component of the Salvo Rust framework v0.89.2. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g., protected...

7.5 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits 1 | References 5 | Affected Software 1
Positive Technologies
added 2026/02/18 12:0 a.m., 2 views

PT-2026-20563

A security vulnerability has been discovered in how the input.parsed path field is constructed. HTTP request paths are treated as full URIs when parsed, so leading path segments prefixed with double slashes (//) are interpreted as authority components and therefore dropped from the parsed path. Th...

7.1 CVSS | 5.5 AI score
Exploits 0 | References 5
Snyk
added 2025/05/20 2:44 p.m., 1 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to insufficient enforcement of access restrictions on all backend routes. An attacker can bypass the multifactor authentication (MFA) dialog presented during backend login by...

8.6 CVSS | 7.1 AI score | 0.00276 EPSS
Exploits 0 | References 2
GitHub Security Blog
added 2022/05/13 1:24 a.m., 23 views

October CMS Local File Inclusion

October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php makeFileContents function that can result in sensitive information disclosure and remote code execution. This attack appears to be exploitable remotely if the /backend path i...

8.1 CVSS | 7.3 AI score | 0.01798 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2021/09/27 12:0 a.m., 2 views

S-CMS Access Control Error Vulnerability

S-CMS is a PHP and MySQL-based content management system (CMS) from S-CMS, a Chinese company. S-CMS suffers from an access control error vulnerability, which originates from an unauthorized access vulnerability in CMS Enterprise Website Construction System 5.0. An attacker can use this vulnerabilit...

10 CVSS | 8.4 AI score | 0.00263 EPSS
Exploits 0 | References 2
OSV
added 2018/08/06 3:29 p.m., 1 views

CVE-2018-14976

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS...

4.8 CVSS | 5.8 AI score | 0.00235 EPSS
Exploits 1 | References 1
OSV
added 2018/07/23 3:29 p.m., 2 views

CVE-2018-1999009

October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php:244 makeFileContents function that can result in sensitive information disclosure and remote code execution. This attack appears to be exploitable remotely if the /backend pat...

8.1 CVSS | 6 AI score | 0.01798 EPSS
Exploits 0 | References 1
Prion
added 2018/07/23 3:29 p.m., 16 views

Design/Logic Flaw

October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php:244 makeFileContents function that can result in sensitive information disclosure and remote code execution. This attack appears to be exploitable remotely if the /backend pat...

6.8 CVSS | 8.2 AI score | 0.01798 EPSS
Exploits 0 | References 1