CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been...

6.5CVSS6.1AI score0.00281EPSS

Exploits0References1

OSSF Malicious Packages•added 2026/05/23 3:34 p.m.•15 views

Malicious code in hiura-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ebb60061f29d4f4279bca1129ebfccefb928bd22364f26961205935ff71393f This is a fork of the Baileys WhatsApp library that adds undocumented behavior abusing the consumer's authenticated WhatsApp account for the author's...

5.8AI score

Exploits0References3

OSV•added 2026/05/23 3:34 p.m.•6 views

MAL-2026-4578 Malicious code in hiura-baileys (npm)

5.8AI score

Exploits0References3

OSV•added 2026/05/07 9:21 p.m.•2 views

GHSA-RGJ7-VG8V-J4WR Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation

Summary No authentication is required to invoke PUT /api/echo/like/:id. The handler is registered on the public router group. The service increments favcount for the given echo without checking identity, without a per-user limit, and without CSRF tokens. A remote client can arbitrarily inflate li...

5.3CVSS5.9AI score

Exploits0References3

Github Security Blog•added 2026/05/07 9:21 p.m.•10 views

Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation

5.9AI score

Exploits0References3Affected Software1

NVD•added 2026/04/30 11:16 p.m.•2 views

CVE-2026-7510

6.5CVSS0.00281EPSS

Exploits0References7

Cvelist•added 2026/04/30 11:0 p.m.•28 views

CVE-2026-7510 OWAP DefectDojo Benchmark/Engagement/Product/Survey authorization

6.5CVSS0.00281EPSS

Exploits0References7

Vulnrichment•added 2026/04/30 11:0 p.m.•2 views

CVE-2026-7510 OWAP DefectDojo Benchmark/Engagement/Product/Survey authorization

6.5CVSS6.2AI score0.00281EPSS

Exploits0References7

CVE•added 2026/04/30 11:0 p.m.•5 views

CVE-2026-7510

The CVE-2026-7510 entry concerns OWAP DefectDojo up to 2.55.4, with an authorization bypass affecting the Benchmark/Engagement/Product/Survey functionality. The issue is reachable remotely and is supported by a public disclosure; upgrading to DefectDojo 2.56.0 addresses the vulnerability (patch e...

6.5CVSS6.1AI score0.00281EPSS

Exploits0References7

EUVD•added 2026/04/30 11:0 p.m.•2 views

EUVD-2026-26457

6.5CVSS5.1AI score0.00281EPSS

Exploits0References7

Positive Technologies•added 2026/04/30 12:0 a.m.•4 views

PT-2026-36213

Name of the Vulnerable Software and Affected Versions OWAP DefectDojo versions prior to 2.56.0 Description An issue exists in the Benchmark, Engagement, Product, and Survey components where a manipulation can lead to a remote authorization bypass, allowing an attacker to circumvent access control...

6.5CVSS6.6AI score0.00281EPSS

Exploits0References10

CNNVD•added 2026/04/30 12:0 a.m.•6 views

DefectDojo 授权问题漏洞

DefectDojo is an application security and vulnerability management tool developed by DefectDojo. Versions of DefectDojo 2.55.4 and earlier contained a vulnerability related to authorization. This vulnerability stemmed from unknown functions within the Benchmark/Engagement/Product/Survey component...

6.5CVSS6.6AI score0.00281EPSS

Exploits0References1

GithubExploit•added 2026/04/28 6:35 p.m.•85 views

offensive-security-labs

Offensive Security Labs — Penetration Testing on a Fictional T...

5.6AI score

Exploits0

GithubExploit•added 2026/04/17 5:52 p.m.•81 views

cruxss-bb-agent

CRUXSS Bug Bounty Agent A semi-autonomous bug bounty hunting...

5.8AI score

Exploits0