27 matches found

OSV
added 2020/02/26 7:54 p.m. | 22 views

GHSA-FXJM-WVJ9-9C39 Information disclosure in Apache Superset

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...

CVSS 6.5 | AI score 6.1 | EPSS 0.00222
Exploits: 0 | References: 4
Veracode
added 2020/02/04 7:32 a.m. | 21 views

Information Disclosure

apachesuperset is vulnerable to information disclosure. The leakage exists because an authenticated user is allowed to access other users' sensitive information via unused and undocumented API endpoints...

CVSS 6.5 | AI score 3.4 | EPSS 0.00222
Exploits: 0 | References: 3 | Affected Software: 1
seebug.org
added 2018/06/20 12:0 a.m. | 335 views

AVTECH {DVR/NVR/IPC} IPCP API RCE

!/usr/bin/env python2.7 SOF Subject: AVTECH DVR/NVR/IPC IPCP API admin l/p, RCE 2018 bashis Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis March 2018 Authenticated Reverse Shell; Using admin l/p that we can retrieve with unauthenticated and undocumented...

AI score 7.4
Exploits: 0
Packet Storm
added 2015/07/08 12:0 a.m. | 26 views

Grandstream GXV3275 SSH Key / Command Execution

The Grandstream GXV3275 is an Android-based VoIP phone. Several vulnerabilities were found affecting this device. The device ships with a default root SSH key, which could be used as a backdoor: /system/root/.ssh cat authorizedkeys Public key portion is: ssh-rsa...

AI score 0.3
Exploits: 0
Exploit DB
added 2015/07/08 12:0 a.m. | 37 views

Grandstream GXV3275 < 1.0.3.30 - Multiple Vulnerabilities

The Grandstream GXV3275 is an Android-based VoIP phone. Several vulnerabilities were found affecting this device. The device ships with a default root SSH key, which could be used as a backdoor: /system/root/.ssh cat authorizedkeys Public key portion is: ssh-rsa...

AI score 7.4
Exploits: 0
ThreatPost
added 2014/09/22 12:4 p.m. | 11 views

MyFitnessPal App Patches Privacy Vulnerability

The details of a patched vulnerability in a popular mobile fitness application have been disclosed three months after a fix was released. The flaw could have allowed a user to fetch the personal profile of another registered app user. MyFitnessPal deployed a fix on June 26 for a privacy flaw in...

AI score 6.5
Exploits: 0 | References: 4
Cvelist
added 2013/06/19 10:0 a.m. | 13 views

CVE-2013-0484

The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data...

AI score 6.4 | EPSS 0.00535
Exploits: 0 | References: 2