Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

86910 matches found

CVE
CVEadded 2026/05/11 6:12 p.m.12 views

CVE-2026-45223

Crabbox prior to 0.9.0 contains an authentication bypass in the coordinator’s user-token verification path. The verifyUserToken() function fails to reject payloads with an admin: true claim, enabling an attacker with access to a non-admin token to craft a user-token payload, sign it with HMAC-SHA...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/11 6:12 p.m.31 views

CVE-2026-45223 Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...

8.8CVSS0.00382EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/11 5:40 p.m.7 views

CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...

8.5CVSS5.9AI score0.00301EPSS
Exploits1References1
CVE
CVEadded 2026/05/11 5:40 p.m.17 views

CVE-2026-42860

The CVE-2026-42860 issue affects Open edX Openedx Enterprise Service (edx-enterprise). From 7.0.2 through 7.0.4, the sync_provider_data endpoint retrieves SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated Enterprise Admin can PATCH this field to an arbitrary ...

8.5CVSS5.9AI score0.00301EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/11 5:40 p.m.4 views

CVE-2026-42860

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...

8.5CVSS5.9AI score0.00301EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/05/11 5:40 p.m.57 views

CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...

8.5CVSS0.00301EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/11 5:30 p.m.6 views

CVE-2026-42858

Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...

8.5CVSS6AI score0.00374EPSS
Exploits1References4
CVE
CVEadded 2026/05/11 5:30 p.m.13 views

CVE-2026-42858

Open edX Platform contains a server-side request forgery (SSRF) in the sync_provider_data endpoint of SAMLProviderDataViewSet. An authenticated Enterprise Admin can supply an arbitrary URL via the metadata_url parameter, which is passed to requests.get() in fetch_metadata_xml() without URL valida...

9.9CVSS6AI score0.00374EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/05/11 5:30 p.m.33 views

CVE-2026-42858 Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint

Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...

8.5CVSS0.00374EPSS
Exploits1References3
Snyk
Snykadded 2026/05/11 5:18 p.m.8 views

Arbitrary Code Injection

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Config::toArray function. An attacker can access sensitive configuration data, including plugin secrets, by...

7.7CVSS5.8AI score0.00276EPSS
Exploits1References2
NVD
NVDadded 2026/05/11 5:16 p.m.10 views

CVE-2026-44737

grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the dataheadertitle parameter. As a result,...

6.2CVSS0.00256EPSS
Exploits0References2
NVD
NVDadded 2026/05/11 5:16 p.m.14 views

CVE-2026-42843

Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...

8.8CVSS0.0035EPSS
Exploits1References1
NVD
NVDadded 2026/05/11 5:16 p.m.10 views

CVE-2026-42845

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

8.7CVSS0.00622EPSS
Exploits0References2
NVD
NVDadded 2026/05/11 5:16 p.m.12 views

CVE-2026-44738

Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray from within a page body, dumping the entire merged site configuration — including all plugin secrets SMTP passwords, AWS keys, OAuth client secrets...

7.7CVSS0.00276EPSS
Exploits1References1
NVD
NVDadded 2026/05/11 5:16 p.m.13 views

CVE-2026-42842

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered with the Twig |raw filter in the admin panel, bypassing the...

5.4CVSS0.0015EPSS
Exploits0References2
CVE
CVEadded 2026/05/11 4:32 p.m.14 views

CVE-2026-42312

pyload-ng contains a vulnerability (CVE-2026-42312) where a non-admin user with SETTINGS permission can disable TLS peer/hostname verification by setting general.ssl_verify off. The root cause is that the option is not in the ADMIN_ONLY_CORE_OPTIONS allowlist, so set_config_value() writes are all...

6.8CVSS5.8AI score0.00174EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/11 4:32 p.m.8 views

CVE-2026-42312

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

8.8CVSS5.8AI score0.00815EPSS
Exploits5References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/11 4:32 p.m.5 views

CVE-2026-42312 pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

6.8CVSS5.8AI score0.00174EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/05/11 4:32 p.m.36 views

CVE-2026-42312 pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

6.8CVSS0.00174EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/11 4:32 p.m.7 views

EUVD-2026-29120

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

6.8CVSS5.8AI score0.00174EPSS
Exploits1References1
Rows per page
Query Builder