7 matches found

OSV
added 2026/04/01 8:35 a.m., 3 views

BIT-APPSMITH-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

CVSS 6.9 | AI score 5.9 | EPSS 0.00033
Exploits: 1 | References: 3

EUVD
added 2026/03/27 6:31 p.m., 3 views

EUVD-2026-16721

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

CVSS 6.9 | AI score 5.9 | EPSS 0.00033
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/27 4:24 p.m., 1 view

CVE-2026-34411

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

CVSS 6.9 | AI score 5.9 | EPSS 0.00033
Exploits: 1 | References: 3

GithubExploit
added 2026/03/09 4:37 p.m., 108 views

challenge-yourself-level-1

Attack Path Lab ...

AI score 6.1
Exploits: 0

CNNVD
added 2023/11/02 12:00 a.m., 3 views

AlgoSec FireFlow Cross-Site Scripting Vulnerability

AlgoSec FireFlow is a security application from AlgoSec USA, Inc. It is used to automate the security policy change lifecycle, from submitting a change request to reviewing the changes made. A cross-site scripting vulnerability exists in AlgoSec FireFlow versions A32.20 and A32.50, which stems fr...

CVSS 5.9 | AI score 6.4 | EPSS 0.00023
Exploits: 0 | References: 3

HackerOne
added 2019/10/16 10:11 p.m., 19 views

U.S. Dept Of Defense: [HTA2] XXE on https://███ via SpellCheck Endpoint.

A full read XXE vulnerability was discovered on a website via the SpellCheck endpoint, allowing an attacker to read local files, make HTTP requests to internal applications and read the responses, steal NTLM hashes, and also completely deny service to the application...

AI score 6.8
Exploits: 0

Metasploit
added 2013/01/29 4:29 a.m., 50 views

Windows Gather Credential Cache Dump

This module uses the registry to extract the stored domain hashes that have been cached as a result of a GPO setting. The default setting on Windows is to store the last ten successful logins. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 6.9
Exploits: 0