
7 matches found

CVE
added 2026/05/01 8:34 p.m., 11 views

CVE-2026-39805

CVE-2026-39805 describes an HTTP request smuggling flaw in Elixir Bandit (bandit) due to Bandit.Headers:get_content_length/1 using List.keyfind/3. If a request carries two Content-Length headers with different values, Bandit may read the body using the first value and dispatch the remaining bytes...

CVSS 6.3, AI score 5.8, EPSS 0.00031
Exploits: 0, References: 4

OSV
added 2026/05/01 8:34 p.m., 3 views

EEF-CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit

Summary Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends ever...

CVSS 8.7, AI score 5.8, EPSS 0.00081
Exploits: 0, References: 4

CNNVD
added 2026/01/05 12:0 a.m., 2 views

dify Security Vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 1.11.0, which stems from an API key being exposed in plaintext to the front-end, which could lead to unauthorized access to third-party services...

CVSS 8.4, AI score 6.4, EPSS 0.00041
Exploits: 1, References: 1

CNNVD
added 2025/10/17 12:0 a.m., 1 views

Mammoth Security Vulnerability

Mammoth is a tool for converting Word documents to HTML by the individual developer Michael Williamson. A security vulnerability exists in mammoth version 0.3.25 and versions prior to 1.11.0, which stems from a lack of path or file type validation when processing docx files, and could lead to a...

CVSS 9.3, AI score 6.3, EPSS 0.00254
Exploits: 0, References: 7

OSV
added 2024/10/04 6:15 p.m., 2 views

CVE-2024-41512

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...

CVSS 8.8, AI score 6.1
Exploits: 0, References: 3

CNNVD
added 2023/01/14 12:0 a.m., 1 views

Izanami Trust Management Issue Vulnerability

Izanami is a shared configuration, feature flipping, and A/B testing server that is ideally suited for microservices architecture implementations. A security vulnerability exists in Izanami versions prior to 1.11.0 that stems from an attacker being able to bypass authentication in this applicatio...

CVSS 9.8, AI score 8.3, EPSS 0.00437
Exploits: 1, References: 3

CNVD
added 2019/06/19 12:0 a.m., 1 views

Apache Allura Cross-Site Scripting Vulnerability

Apache Allura is an open source project hosting platform from the Apache Software Foundation in the United States. The platform supports the management of source code repositories, bug reports, wiki pages and blogs. A cross-site scripting vulnerability exists in the user drop-down selector in...

CVSS 6.1, AI score 6.5, EPSS 0.0089
Exploits: 0, References: 1