8 matches found

RedhatCVE
added 2025/05/23 4:4 a.m. · 8 views

CVE-2023-32337

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288...

5.4 CVSS · 6.2 AI score · 0.00042 EPSS
Exploits 0 · References 1
IBM Security Bulletins
added 2025/01/31 8:30 p.m. · 14 views

Security Bulletin: IBM i is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464].

Summary: IBM i is vulnerable to bypassing IBM Navigator for i interface restrictions and a server-side request forgery (SSRF) as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...

5.4 CVSS · 5 AI score · 0.03261 EPSS
Exploits 2 · Affected Software 4
OSV
added 2024/11/09 1:15 a.m. · 1 views

CVE-2024-52311

Authentication tokens issued via Cognito in data.all are not invalidated on logout, allowing a previously authenticated user to continue executing authorized API requests until the token expires...

5.3 CVSS · 7 AI score
Exploits 0 · References 3
CNNVD
added 2024/11/09 12:0 a.m. · 2 views

data.all security vulnerability

data.all is an open source development framework from data-dot-all open source. A security vulnerability exists in data.all that stems from the fact that authentication tokens issued via Cognito in data.all do not expire upon logout, allowing previously authenticated users to continue to perform...

6.3 CVSS · 6.8 AI score · 0.00313 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/11/08 12:0 a.m. · 6 views

PT-2024-35171 · Amazon · Amazon Cognito

Name of the Vulnerable Software and Affected Versions: Amazon Cognito (affected versions not specified). Description: The issue allows previously authenticated users to continue executing authorized API requests until their authentication token expires, even after logging out. This is because...

6.3 CVSS · 6.9 AI score · 0.00313 EPSS
Exploits 0 · References 8
Positive Technologies
added 2024/10/30 12:0 a.m. · 2 views

PT-2024-8210

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 5.0.30; MongoDB Server versions prior to 6.0.19; MongoDB Server versions prior to 7.0.15; MongoDB Server versions prior to and including 8.0.2. Description: The issue is related to the construction of malformed BS...

8.1 CVSS · 6.8 AI score · 0.00758 EPSS
Exploits 0 · References 12
OSV
added 2023/01/11 10:15 p.m. · 2 views

CVE-2017-16258

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

9.9 CVSS · 6.4 AI score
Exploits 0 · References 1
NVD
added 2019/04/04 3:29 p.m. · 14 views

CVE-2018-19981

Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...

9 CVSS · 6.9 AI score · 0.00489 EPSS
Exploits 1 · References 4