Lucene search

5 matches found

Github Security Blog
added 2026/01/09 7:21 p.m. · 17 views

WeKnora has Command Injection in MCP stdio test

Vulnerability Description --- Vulnerability Overview This issue is a command injection vulnerability CWE-78 that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. The root causes are as...

9.9 CVSS · 7.7 AI score · 0.01747 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
CNVD
added 2025/08/31 12:0 a.m. · 2 views

WordPress Plugin All Bootstrap Blocks Access Control Break Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control disruption vulnerability exists in the WordPress plugin All Bootstrap Blocks, which...

6.5 CVSS · 6.7 AI score · 0.00226 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/02/19 12:0 a.m. · 2 views

PT-2025-7412 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.8, including 8.3.x. Description: The product does not perform an authorization check when an actor attempts to access a resource or perform an action. This...

6.5 CVSS · 7.2 AI score · 0.00309 EPSS
Exploits: 0 · References: 6
BDU FSTEC
added 2025/02/17 12:0 a.m. · 3 views

The vulnerability of the application software interface of the Knowledge Space integrated planning platform lies in the lack of verification of the user’s authority to access the object. This allows a malicious actor to gain access to configuration information.

The vulnerability of the application programming interface of the Knowledge Space integrated planning platform is related to the lack of verification of the user’s authority to access the object. Exploiting this vulnerability allows a malicious actor to obtain access to configuration information ...

4.3 CVSS · 5.5 AI score
Exploits: 0 · Affected Software: 1
Cvelist
added 2025/02/14 12:44 p.m. · 17 views

CVE-2025-23771 WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability

Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification for Post and BuddyPress: from n/a through = 2.11...

6.5 CVSS · 0.00373 EPSS
Exploits: 0 · References: 1