
7 matches found

NVD
added 2025/12/09 1:16 a.m. · 3 views

CVE-2025-66491

Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intending to enable backend TLS certificate verification actually disables...

CVSS 5.9 · EPSS 0.00009
Exploits: 0 · References: 3
Positive Technologies
added 2024/11/21 12:0 a.m. · 2 views

PT-2024-33891 · Myscada · Myscada Mypro Manager

Name of the Vulnerable Software and Affected Versions: mySCADA myPRO Manager affected versions not specified Description: The issue arises from insufficient verification of the user-controlled filename parameter by the back-end, allowing an attacker to perform a path traversal attack. This enable...

CVSS 8.7 · AI score 7 · EPSS 0.0016
Exploits: 0 · References: 5
Huntr
added 2023/05/31 10:25 a.m. · 20 views

The web app does not verify weak password at backend

Description Access and login to the demo website: https://cloudexplorer-lite-demo.fit2cloud.com/ At changing password function, the backend does not verify weak passwords so that user can do: 1/ Set new password as same as old password. 2/ Set new password by one character, such as 1. This case c...

CVSS 6.5 · AI score 7.1 · EPSS 0.0009
Exploits: 1
Huntr
added 2021/12/25 7:53 a.m. · 37 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Title Stored XSS in customattributes Description Relying on frontend URI check without verifying it on the backend allows to inject arbitrary JS code. Steps to reproduce 1. Create a custom attribute, set its type to Link 2. Navigate to any conversation, click on the right sidebar. 3. ...

CVSS 4.3 · AI score 0.9 · EPSS 0.00341
Exploits: 1
Hacker One
added 2019/08/11 2:34 p.m. · 12 views

Priceline: Account takeover via Google OneTap

Summary: It's possible to take over any priceline.com user's account knowing their email. The only requirement is that the victim's email domain is not registered with Google's Gsuite. The root cause of this issue is that the backend does not verify whether the email provided is a confirmed one...

AI score 0.7
Exploits: 0
RedHat Linux
added 2015/12/03 5:42 p.m. · 1 views

OpenShift: pod log location must validate container if provided

It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to...

CVSS 5.3 · AI score 5.8 · EPSS 0.00366
Exploits: 0 · References: 5
myhack58
added 2013/10/20 12:0 a.m. · 20 views

Cheng's dance CMSPHP3. 0 stored xss getshell-a vulnerability warning-the black bar safety net

This cms before 9 0 someone made a getshell,when is background verification file problem The official website has been patched, so again, source Because the backend login will also need the authentication code so the injection didn't see. There xss Vulnerability file user/member/skinedit.php trtd...

Exploits: 0