Lucene search

1036 matches found

CVE
added 2026/01/19 8:36 a.m., 16 views

CVE-2025-29847

CVE-2025-29847 (Apache Linkis) : A vulnerability in Apache Linkis where, when using the JDBC engine and data source, multiple URL-encoded parameters on the frontend can bypass checks and allow unauthorized access to system files via JDBC parameters. Affected versions: 1.3.0–1.7.0. Impact: potenti...

CVSS 7.5, AI score 5.6, EPSS 0.00744
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2026/01/17 12:23 a.m., 6 views

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice URL) as a data source for remote code execution...

CVSS 7.5, AI score 7.5, EPSS 0.00681
Exploits 0, References 1

CVE
added 2026/01/16 12:0 a.m., 7 views

CVE-2025-68924

CVE-2025-68924 affects UmbracoForms up to version 8.13.16. An authenticated attacker can specify a malicious WSDL URL as a Webservice data source, enabling remote code execution via dynamic SOAP client generation. The root cause is untrusted WSDL processing in the Webservice data source. Impact i...

CVSS 7.5, AI score 7.6, EPSS 0.00681
Exploits 0, References 3, Affected Software 1

Positive Technologies
added 2026/01/16 12:0 a.m., 2 views

PT-2026-3273

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice URL) as a data source for remote code execution...

CVSS 7.5, AI score 8, EPSS 0.00681
Exploits 0, References 4

Snyk
added 2026/01/13 7:54 p.m., 3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the dynamic SOAP client generation...

CVSS 9.9, AI score 7.6, EPSS 0.00681
Exploits 0, References 5

OSV
added 2026/01/13 7:54 p.m., 3 views

GHSA-VRGW-PC9C-QRRC UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation

Impact: Within Umbraco Forms, configuring a malicious URL on the Webservice data source can result in Remote Code Execution. This affects all Umbraco Forms versions running on .NET Framework up to and including version 8. Patches: The affected Umbraco Forms versions are all End-of-Life (EOL) and not...

CVSS 9.9, AI score 7.2, EPSS 0.00681
Exploits 0, References 6

Circl
added 2026/01/12 6:14 a.m., 5 views

CVE-2025-69274

creationtimestamp | type | source
---|---|---
2026-01-12 06:14:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mc7f6gihuv2e
2026-01-12 08:28:43+00:00 | seen | https://gist.github.com/Darkcrai86/f0f6df139dd354963017b94c3867a324...

CVSS 8.8, AI score 5.8, EPSS 0.00239
Exploits 0, References 2

RedhatCVE
added 2026/01/09 12:36 p.m., 3 views

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obta...

CVSS 8.8, AI score 6.8, EPSS 0.00845
Exploits 0, References 1

RedhatCVE
added 2026/01/09 11:29 a.m., 6 views

CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVSS 8.8, AI score 7.8, EPSS 0.01861
Exploits 0, References 1

RedhatCVE
added 2026/01/09 9:56 a.m., 18 views

CVE-2020-12725

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...

CVSS 7.2, AI score 6.7, EPSS 0.01318
Exploits 1, References 1

RedhatCVE
added 2026/01/09 9:27 a.m., 11 views

CVE-2023-31404

Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...

CVSS 5, AI score 6.6, EPSS 0.00466
Exploits 0, References 1

IBM Security Bulletins
added 2025/12/18 3:18 p.m., 11 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Privilege Management in Grafana (CVE-2024-1442)

Summary: Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-1442 Vulnerability Details: CVEID: CVE-2024-1442 DESCRIPTION: A user with the permissions to create a data source can use Grafana API to...

CVSS 8.8, AI score 6.6, EPSS 0.00802
Exploits 0, Affected Software 1

Circl
added 2025/12/18 8:2 a.m., 4 views

CVE-2025-60044

creationtimestamp | type | source
---|---|---
2025-12-18 08:02:35+00:00 | seen | https://bsky.app/profile/potato.software/post/3maapl4l7n42k...

CVSS 8.1, AI score 4.8, EPSS 0.00415
Exploits 0, References 1

Veracode
added 2025/12/13 5:8 a.m., 8 views

SQL Injection

io.dataease, dataease-plugin-common is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the dataSourceId parameter, which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 9.8, AI score 7.6, EPSS 0.00958
Exploits 1, References 3, Affected Software 1

HackRead
added 2025/12/04 2:1 p.m., 3 views

SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware

Austin, TX, USA, 4th December 2025, CyberNewsWire...

AI score 7
Exploits 0

Circl
added 2025/12/03 2:14 p.m., 1 views

CVE-2025-38280

creationtimestamp | type | source
---|---|---
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVSS 7.8, AI score 6.8, EPSS 0.00176
Exploits 0, References 1

Circl
added 2025/12/03 2:14 p.m., 3 views

CVE-2024-40965

creationtimestamp | type | source
---|---|---
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

CVSS 5.5, AI score 5.8, EPSS 0.00223
Exploits 0, References 1

RedhatCVE
added 2025/11/20 9:56 p.m., 17 views

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

CVSS 7.5, AI score 6.8, EPSS 0.00409
Exploits 0, References 1

Tenable Nessus
added 2025/11/20 12:0 a.m., 13 views

TencentOS Server 3: log4j (TSSA-2022:0188)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0188 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 10, AI score 7.8, EPSS 0.99999
Exploits 347, References 4

EUVD
added 2025/11/13 12:11 a.m., 2 views

EUVD-2025-50819

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input via CPU...

CVSS 7.5, AI score 6.3, EPSS 0.00273
Exploits 0, References 3