
172 matches found

RedhatCVE
added yesterday | 2 views

CVE-2026-8345

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

CVSS 8.8 | AI score 6.4 | EPSS 0.00089
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/24 10:00 a.m. | 6 views

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

CVSS 7.5 | AI score 6.7 | EPSS 0.00053
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/05/15 9:29 p.m. | 10 views

CVE-2026-45317

CVE-2026-45317 describes an application-wide CSRF vector in Open WebUI’s image handling prior to 0.9.3. An authenticated user can influence image URL rendering so that viewing a compromised image causes the user’s browser to issue GET requests to an attacker-controlled URL, potentially leaking co...

CVSS 4.6 | AI score 5.8 | EPSS 0.00006
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2026/05/12 12:17 a.m. | 7 views

CVE-2026-8346

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

CVSS 8.8 | EPSS 0.00089
Exploits: 1 | References: 5

ATTACKERKB
added 2026/05/10 4:30 a.m. | 6 views

CVE-2026-8230

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function syslogin1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. Th...

CVSS 6.5 | AI score 6.4 | EPSS 0.00351
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/05/10 12:00 a.m. | 5 views

PT-2026-39456

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. T...

CVSS 6.5 | AI score 6.4 | EPSS 0.00351
Exploits: 1 | References: 5

EUVD
added 2026/05/07 6:30 p.m. | 6 views

EUVD-2026-28403

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

CVSS 6.5 | AI score 5.3 | EPSS 0.00035
Exploits: 0 | References: 5

CVE
added 2026/05/01 1:15 a.m. | 6 views

CVE-2026-7536

Open5GS BSF component (pcfBindings, function bsf_sess_add_by_ip_address in /nbsf-management/v1/pcfBindings) is affected up to version 2.7.7. Manipulating the ipv4Addr argument can cause a denial of service, with the attack executable remotely. The exploit has been publicly disclosed, and the Open...

CVSS 6.9 | AI score 5.5 | EPSS 0.0006
Exploits: 0 | References: 5

EUVD
added 2026/05/01 1:15 a.m. | 2 views

EUVD-2026-26469

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched...

CVSS 6.9 | AI score 5.6 | EPSS 0.0006
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/01 12:00 a.m. | 1 view

PT-2026-36290

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched...

CVSS 6.9 | AI score 5.7 | EPSS 0.0006
Exploits: 0 | References: 6

NVD
added 2026/04/28 7:16 a.m. | 1 view

CVE-2026-7234

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...

CVSS 7.5 | EPSS 0.00066
Exploits: 0 | References: 5

Vulnrichment
added 2026/04/26 11:00 p.m. | 2 views

CVE-2026-7065 BidingCC BuildingAI Remote Upload API file-storage.service.ts uploadRemoteFile server-side request forgery

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery...

CVSS 7.5 | AI score 7 | EPSS 0.00058
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/20 12:00 a.m. | 1 view

PT-2026-33712

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function process audio block of the file src/agentscope/agent/ agent base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the...

CVSS 7.5 | AI score 5.4 | EPSS 0.00054
Exploits: 0 | References: 7

NVD
added 2026/04/03 4:16 p.m. | 0 views

CVE-2026-5470

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

CVSS 6.5 | EPSS 0.00043
Exploits: 0 | References: 4

CNNVD
added 2026/03/31 12:00 a.m. | 2 views

Parse Server Security Vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.67 and 9.7.0-alpha.11. These vulnerabilities stemmed from a flaw where attackers could...

CVSS 9.1 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 5

CVE
added 2026/03/26 4:05 a.m. | 9 views

CVE-2026-4840

CVE-2026-4840 affects Netcore Power 15AX up to 3.0.0.6938, specifically the Diagnostic Tool Interface’s /bin/netis.cgi function setTools. The issue arises from manipulating the IpAddr argument, enabling an OS command injection. Remote exploitation is possible, and the exploit has been released pu...

CVSS 9 | AI score 6.8 | EPSS 0.00218
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/19 12:00 a.m. | 3 views

PT-2026-26341

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2.

Description: Discourse is an open source discussion platform. Insufficient cleanup in the default Codepen allowed iframes...

CVSS 5.4 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 7

EUVD
added 2026/03/18 6:31 p.m. | 2 views

EUVD-2025-208833

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/18 12:00 a.m. | 1 view

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/18 12:00 a.m. | 1 view

PT-2026-26083

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

CVSS 7.1 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 5