Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CNNVD
CNNVDadded 2026/03/26 12:0 a.m.3 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.2.2 and earlier of the 11.2.x series, as well as versions 10.11.10 and earlier of the 10.11.x series, 11.4.0 and earlier of the 11.4.x series, and 11.3...

5.4CVSS5.8AI score0.0004EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/03/18 12:0 a.m.3 views

PT-2026-26195

Summary A vulnerability in Zitadel's OAuth2/OIDC interface, which allowed users to bypass organization enforcement during authentication. Impact Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:id and...

5.3CVSS5.8AI score0.00077EPSS
Exploits0References11
NVD
NVDadded 2026/02/04 7:16 a.m.4 views

CVE-2026-21393

Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...

5.4CVSS0.00017EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2025/10/28 12:31 a.m.6 views

Liferay Portal Does Not Limit Access to APIs Before Email Verification

Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote...

6.9CVSS7AI score0.00057EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2023/12/26 6:15 a.m.2 views

CVE-2023-50297

Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...

6.1CVSS5.9AI score0.00631EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2023/11/07 4:47 a.m.3 views

EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

Overview EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability CWE-94 due to improper settings of the product's template engine "Twig". Takeshi Miura of N.F.Laboratories Inc. reported this vulnerability to EC-CUBE CO.,LTD. EC-CUBE CO.,LTD. In...

7.2CVSS7.6AI score0.01296EPSS
Exploits1References5
OSV
OSVadded 2022/09/08 8:15 a.m.2 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

9.8CVSS5.9AI score0.05225EPSS
Exploits0References2
OSV
OSVadded 2021/10/12 3:15 p.m.2 views

CVE-2021-37730

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant...

7.2CVSS6AI score
Exploits0References2
Rows per page
Query Builder