Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:18 p.m.6 views

CVE-2026-45298

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

8.6CVSS5.6AI score0.02832EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/19 3:53 p.m.13 views

EUVD-2026-30952

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7CVSS6AI score0.0005EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/13 9:16 p.m.8 views

CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00061EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/11 6:31 p.m.8 views

EUVD-2026-29093

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

7.1CVSS6AI score0.00039EPSS
Exploits1References3
OSV
OSVadded 2026/04/04 6:8 a.m.2 views

GHSA-Q75C-4GMV-MG9X Directus: Open Redirect in Admin 2FA Setup Page

Summary Directus is vulnerable to an Open Redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication 2FA visits a crafted URL, they are presented with the legitimate Directus 2FA setup page. After completing t...

4.3CVSS5.9AI score0.00027EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/03/07 7:59 a.m.3 views

CVE-2026-29049

melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...

4.3CVSS5.8AI score0.00049EPSS
Exploits0References1
OSV
OSVadded 2018/06/07 2:29 a.m.1 views

UBUNTU-CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

5.9CVSS6.6AI score0.00385EPSS
Exploits0References4
Rows per page
Query Builder