
60 matches found

Nuclei (added yesterday, 21 views)

ArgoCD Project API Token Repository Credentials Exposure

Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...

CVSS 9.9 | AI score 5.8 | EPSS 0.05376
Exploits 1 | References 3
Snyk (added 2026/05/22 1:44 p.m., 7 views)

Improper Validation of Specified Type of Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the API request handlers due to insufficient validation of user-supplied input. An attacker can cause the plugin process to crash by sending a specially crafted HTTP request to the PR...

CVSS 5.3 | AI score 5.8 | EPSS 0.00069
Exploits 0 | References 2
NVD (added 2026/05/22 11:16 a.m., 6 views)

CVE-2026-4646

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers, which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint. Mattermost Advisory ID:...

CVSS 4.3 | EPSS 0.00069
Exploits 0 | References 1
Positive Technologies (added 2026/05/22 12:00 a.m., 7 views)

PT-2026-42748

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers, which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint. Mattermost Advisory ID:...

CVSS 4.3 | AI score 5.8 | EPSS 0.00069
Exploits 0 | References 1
Positive Technologies (added 2026/05/21 12:00 a.m., 7 views)

PT-2026-42559

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/message detail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and t...

CVSS 6.3 | AI score 5.8 | EPSS 0.00046
Exploits 0 | References 2
Positive Technologies (added 2026/05/12 12:00 a.m., 9 views)

PT-2026-40462

Name of the Vulnerable Software and Affected Versions: GoJobs (affected versions not specified). Description: GoJobs is a REST API for a Job Board platform. The application contains a job retrieval endpoint that lacks proper authentication and authorization checks. This allows unauthenticated users to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 4
AlpineLinux (added 2026/05/05 7:12 p.m., 6 views)

CVE-2026-33420

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...

CVSS 5.3 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 2
EUVD (added 2026/05/05 7:12 p.m., 2 views)

EUVD-2026-27448

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...

CVSS 5.3 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 2
RedhatCVE (added 2026/04/06 5:00 p.m., 0 views)

CVE-2026-5577

A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVSS 8.6 | AI score 6.7 | EPSS 0.00057
Exploits 1 | References 1
EUVD (added 2026/04/05 6:30 p.m., 1 view)

EUVD-2026-19103

A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00057
Exploits 1 | References 5
NVD (added 2026/04/05 4:16 p.m., 2 views)

CVE-2026-5577

A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVSS 8.6 | EPSS 0.00057
Exploits 1 | References 4
Cvelist (added 2026/04/05 3:30 p.m., 26 views)

CVE-2026-5577 Song-Li cross_browser details Endpoint uniquemachine_app.py sql injection

A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVSS 7.5 | EPSS 0.00057
Exploits 1 | References 4
ATTACKERKB (added 2026/04/05 3:30 p.m., 1 view)

CVE-2026-5577

A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00057
Exploits 1 | References 4
CVE (added 2026/04/05 3:30 p.m., 4 views)

CVE-2026-5577

CVE-2026-5577 affects Song-Li cross_browser (up to commit ca690f0fe6954fd9bcda36d071b68ed8682a786a). The vulnerable component is the details Endpoint in the file flask/uniquemachine_app.py. Manipulating the argument ID can lead to an SQL injection vulnerability. The issue can be triggered remotel...

CVSS 8.6 | AI score 6.7 | EPSS 0.00057
Exploits 1 | References 4 | Affected Software 1
Vulnrichment (added 2026/04/05 3:30 p.m., 3 views)

CVE-2026-5577 Song-Li cross_browser details Endpoint uniquemachine_app.py sql injection

A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00057
Exploits 1 | References 4
Positive Technologies (added 2026/04/05 12:00 a.m., 2 views)

PT-2026-30446

Name of the Vulnerable Software and Affected Versions: Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. Description: A vulnerability exists in Song-Li cross_browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine_app.py file...

CVSS 8.6 | AI score 6.7 | EPSS 0.00057
Exploits 1 | References 9
EUVD (added 2026/03/30 6:31 p.m., 3 views)

EUVD-2026-17094

Incorrect access control in the filedetails.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via crafted requests...

CVSS 6.5 | AI score 5.9 | EPSS 0.0004
Exploits 0 | References 4
Positive Technologies (added 2026/03/30 12:00 a.m., 2 views)

PT-2026-29038

CVE-2026-29597 Incorrect access control in the filedetails.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via … https://t.co/pzg5FME6z1...

CVSS 6.5 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 6
Vulnrichment (added 2026/03/30 12:00 a.m., 2 views)

CVE-2026-29597

DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...

AI score 6 | EPSS 0.0004
Exploits 0 | References 3
RedhatCVE (added 2026/03/26 3:08 p.m., 2 views)

CVE-2026-33345

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...

CVSS 6.5 | AI score 5.7 | EPSS 0.00016
Exploits 1 | References 1