Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CNNVD
CNNVDadded 2023/10/31 12:0 a.m.5 views

VMware Workspace ONE Input Validation Error Vulnerability

VMware Vmware Workspace One is a platform from VMware that supports cross-device applications for rapid delivery and management of applications. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoint...

8.8CVSS6.8AI score0.00398EPSS
Exploits0References3
Pen Test Partners Blog
Pen Test Partners Blogadded 2023/06/28 5:11 a.m.235 views

Black Basta ransomware

What is Black Basta ransomware? Black Basta is a threat group that provides ransomware-as-a-service RaaS. The service is maintained by dedicated developers and is a highly efficient and professionally run operation; theres a TOR website that provides a victim login portal, a chat room, and a wall...

9.3CVSS10.2AI score0.99759EPSS
Exploits75
CNNVD
CNNVDadded 2023/04/21 12:0 a.m.3 views

passport 授权问题漏洞

passport is an Express-compatible Node.js authentication middleware from Jared Hanson, an individual developer in the United States. An authorization issue vulnerability exists in passport. An attacker could use this vulnerability to hijack a victim's session by throwing a valid "sessionId" cooki...

8.1CVSS7.8AI score0.00751EPSS
Exploits0References4
SUSE CVE
SUSE CVEadded 2023/02/15 5:31 a.m.2 views

SUSE CVE-2014-1517

The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's...

4CVSS6.3AI score0.01314EPSS
Exploits0References2
Hacker One
Hacker Oneadded 2020/04/11 4:43 p.m.119 views

U.S. Dept Of Defense: Full Account Take-Over of ████████ Members via IDOR

Summary https://███████ is a Social Network Site belonging to US DoD. Membership is open to anyone, I have found a method to fully take-over any members' account by exploiting an IDOR bug in the ██████████ end-point. By changing the following values in the POST request to the affected end-point:...

Exploits0
OSV
OSVadded 2014/04/20 1:55 a.m.2 views

DEBIAN-CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information ...

4CVSS8.7AI score0.0106EPSS
Exploits1References1
OSV
OSVadded 2011/04/08 3:17 p.m.2 views

DEBIAN-CVE-2011-1491

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an...

3.5CVSS6.3AI score0.01519EPSS
Exploits0References1
Rows per page
Query Builder