Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

NVD
NVDadded yesterday7 views

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

5.9CVSS
Exploits0References1
OSV
OSVadded 2026/05/25 8:18 p.m.3 views

MAL-2026-4396 Malicious code in @izumiswap/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63bd0a7aaa4ac18d8ae0c57c07bec05cb4f69e8650e77c117d11c048e5cec004 On npm install, scripts/postinstall.js runs as the preinstall/postinstall lifecycle hook and performs an unambiguous install-time RCE. It first...

5.8AI score
Exploits0References5
OSV
OSVadded 2026/05/21 3:48 a.m.4 views

MAL-2026-4365 Malicious code in @atlisp/mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...

6.3AI score
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/05/06 9:52 p.m.3 views

kube-router: GoBGP gRPC Admin Port Exposed on Node Primary IP Without Authentication, Allowing Cluster-Wide BGP Route Injection

Summary When the kube-router routing controller starts --run-router, it binds the GoBGP gRPC management server to the node's primary IP e.g., 192.168.1.10:50051 in addition to 127.0.0.1:50051. The default admin port is 50051 and the server is enabled by default with no TLS and no authentication...

6AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEadded 2025/05/23 4:8 a.m.3 views

CVE-2023-38688

twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including...

7.5CVSS6.7AI score0.00756EPSS
Exploits0References1
Cvelist
Cvelistadded 2024/12/23 5:13 p.m.14 views

CVE-2024-53275 GHSL-2024-091: DNS rebinding attack in home-gallery

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. I...

5.3CVSS0.00055EPSS
Exploits0References1
Rows per page
Query Builder