6 matches found
Plunk data forgery vulnerability
Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.9.0 contained a data manipulation vulnerability. This vulnerability stems from the /webhooks/sns endpoint accepting Amazon SNS notification payloads without verifying the SNS signature,...
Cross-site Scripting (XSS)
Overview: n8n-editor-ui is a Workflow Editor UI for n8n. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the clientname parameter in the MCP OAuth client registration process. An attacker can execute arbitrary JavaScript in a victim's authenticated browser session b...
CVE-2026-5199
A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...
CVE-2025-14718
CVE-2025-14718 affects the Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress. The WordPress plugin exposes an authorization bypass where an attacker with Contributor-level access or higher can perform actions without pr...
CVE-2025-14718 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation
The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated...
Business Logic Attacks Target Election-Related Sites on Election Day
As U.S. citizens headed to the polls, cyber threat activity against election-related websites was unusually high. One of the most prominent attack types observed this Election Day was business logic attacks, a complex threat that manipulates the intended workflow of applications, often without...