Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

98 matches found

CVE
CVEadded 2026/05/27 8:15 p.m.9 views

CVE-2026-21785

CVE-2026-21785 relates to a misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions ≤ 10.1.0.0442). The CSP failures occur because directives are defined without fallbacks, enabling attackers to bypass intended security restrictions and load unauthorized re...

4CVSS5.8AI score0.00025EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/07 9:31 a.m.2 views

EUVD-2026-19586

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated user provided "key" value could be...

4.3CVSS5.8AI score0.00077EPSS
Exploits0References3
NVD
NVDadded 2026/04/07 9:16 a.m.1 views

CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS0.00077EPSS
Exploits0References2
OSV
OSVadded 2026/04/07 9:16 a.m.1 views

UBUNTU-CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.7AI score0.00077EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/07 12:0 a.m.3 views

PT-2026-30804

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Client versions prior to 5.19.3, from 6.0.0 through 6.2.2 Apache ActiveMQ Broker versions prior to 5.19.3, from 6.0.0 through 6.2.2 Apache ActiveMQ All versions prior to 5.19.3, from 6.0.0 through 6.2.2 Description An improper...

4.3CVSS5.9AI score0.00077EPSS
Exploits0References13
CNNVD
CNNVDadded 2026/04/07 12:0 a.m.2 views

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ, which stems from improper class path name validation and...

4.3CVSS5.8AI score0.00077EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/04/01 11:1 p.m.3 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS5.7AI score0.00114EPSS
Exploits1References1
NVD
NVDadded 2026/03/31 10:16 p.m.2 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS0.00114EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/03/31 9:28 p.m.19 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS0.00114EPSS
Exploits1References3
OSV
OSVadded 2026/03/31 9:28 p.m.2 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00114EPSS
Exploits1References5
EUVD
EUVDadded 2026/03/31 9:28 p.m.1 views

EUVD-2026-17673

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00114EPSS
Exploits1References3
CVE
CVEadded 2026/03/31 9:28 p.m.3 views

CVE-2026-34442

FreeScout (PHP/Laravel) is affected prior to version 1.8.211 due to host header manipulation in-generated absolute URLs. The vulnerability arises because the application uses the unvalidated Host header to construct links and assets, enabling External Resource Loading and Open Redirects to attack...

6.1CVSS5.7AI score0.00114EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/31 9:28 p.m.2 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00114EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/03/31 12:0 a.m.2 views

PT-2026-29374

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS5.7AI score0.00114EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEVadded 2026/03/31 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

7.9CVSS5.8AI score0.01986EPSS
In wildExploits1References2
Positive Technologies
Positive Technologiesadded 2026/02/17 12:0 a.m.5 views

PT-2026-20237

Name of the Vulnerable Software and Affected Versions Rocket TRUfusion Enterprise versions through 7.10.4.0 Description The Rocket TRUfusion Enterprise reverse proxy is misconfigured, permitting the specification of absolute URLs within HTTP request lines. This configuration flaw allows the proxy...

7.9CVSS5.5AI score0.01986EPSS
Exploits1References15
Cvelist
Cvelistadded 2026/02/17 12:0 a.m.22 views

CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

0.01986EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/02/17 12:0 a.m.2 views

CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

5.8AI score0.01986EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/02/17 12:0 a.m.4 views

Rocket TRUfusion Enterprise 安全漏洞

Rocket TRUfusion Enterprise is a product lifecycle management platform developed by the American company Rocket. Versions of Rocket TRUfusion Enterprise 7.10.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper reverse proxy configuration, which allows absolu...

7.9CVSS7.5AI score0.01986EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2025/12/11 10:5 p.m.2 views

CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...

8.6CVSS6.3AI score0.00027EPSS
Exploits1References2
Rows per page
Query Builder