
Snyk
added 2025/12/18 10:47 p.m., 1 view

Incorrect Authorization

Overview: Kibana is an open source, Apache-licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization in the sharing endpoint. An attacker can escalate privileges by sending a crafted HTTP request to change a...

CVSS 5.3 | AI score 6.7 | EPSS 0.00026
Exploits: 0 | References: 2
Cvelist
added 2025/12/16 4:43 p.m., 28 views

CVE-2025-68116 FileRise vulnerable to Cross-Site Scripting (XSS) in SVG File Handling

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting XSS due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG primary or...

CVSS 8.9 | EPSS 0.00034
Exploits: 1 | References: 1
EUVD
added 2025/12/16 4:43 p.m., 2 views

EUVD-2025-203799

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting XSS due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG primary or...

CVSS 8.9 | AI score 5 | EPSS 0.00034
Exploits: 1 | References: 1
Positive Technologies
added 2025/12/16 12:00 a.m., 3 views

PT-2025-51741

Name of the Vulnerable Software and Affected Versions: FileRise versions prior to 2.7.1. Description: FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are susceptible to Stored Cross-Site Scripting XSS because of unsafe handling of browser-renderable user uploads...

CVSS 8.9 | AI score 5.4 | EPSS 0.00034
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/11 12:00 a.m., 4 views

PT-2025-37108

Name of the Vulnerable Software and Affected Versions: danny-avila/librechat version 0.7.8 Description: Improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Conversation IDs, while generated...

CVSS 4.2 | AI score 4.6 | EPSS 0.0005
Exploits: 1 | References: 6
Prion
added 2022/08/15 9:15 p.m., 7 views

Design/Logic Flaw

Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs...

CVSS 5 | AI score 7.6 | EPSS 0.00362
Exploits: 0 | References: 1 | Affected Software: 1
Nextcloud
added 2016/07/19 12:00 a.m., 23 views

Stored XSS in "gallery" application (NC-SA-2016-001)

Due to a recent migration of the Gallery app to the new sharing endpoint, a parameter changed from an integer to a string value. This value wasn't sanitized before and was thus now vulnerable to a Cross-Site-Scripting attack. To exploit this vulnerability an authenticated attacker has to share a...

CVSS 3.5 | AI score 1.9 | EPSS 0.002
Exploits: 1 | Affected Software: 1