
7 matches found

NVD
added 2026/05/07 2:16 a.m., 3 views

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

CVSS 6.8 | EPSS 0.00009
Exploits: 1 | References: 1

Positive Technologies
added 2026/05/07 12:0 a.m., 7 views

PT-2026-38322

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

CVSS 5.1 | AI score 6.2 | EPSS 0.00009
Exploits: 1 | References: 2

OSV
added 2026/04/15 7:43 p.m., 0 views

GHSA-MVVV-V22X-XQWP NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins

Summary: NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost. Vulnerable Code: 1. Workflow HTTP...

CVSS 6.5 | AI score 6 | EPSS 0.00015
Exploits: 1 | References: 6

CNNVD
added 2026/04/06 12:0 a.m., 2 views

pyLoad Code Issue Vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad 0.5.0b3.dev96 and earlier have code vulnerabilities. These vulnerabilities stem from the parseurls API function’s lack of URL validation and protocol restrictions, which may allow authenticated users to access interna...

CVSS 7.7 | AI score 5.9 | EPSS 0.0004
Exploits: 1 | References: 3

OSV
added 2026/02/26 3:18 p.m., 2 views

GHSA-MPF7-P9X7-96R3 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API

Summary: The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and statu...

CVSS 5.8 | AI score 5.9 | EPSS 0.00047
Exploits: 1 | References: 5

RedhatCVE
added 2025/10/10 1:31 a.m., 2 views

CVE-2025-0038

In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality...

CVSS 6.6 | AI score 6.9 | EPSS 0.00028
Exploits: 0 | References: 1

CNNVD
added 2025/06/09 12:0 a.m., 1 views

AMD Versal Adaptive SoC Input Validation Error Vulnerability

AMD Versal Adaptive SoC is a chip from AMD (Advanced Micro Devices). The AMD Versal Adaptive SoC has an input validation error vulnerability that stems from missing address validation, which could result in access to a protected memory space...

CVSS 6.6 | AI score 6.6 | EPSS 0.0007
Exploits: 0 | References: 1