9 matches found

RedhatCVE, added yesterday, 2 views

CVE-2026-40876

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

CVSS 8.8, AI score 5.5, EPSS 0.00059
Exploits: 1, References: 1
CNNVD, added 2026/05/17 12:00 a.m., 6 views

Metasoft MetaCRM access control error vulnerability

Metasoft MetaCRM is a customer relationship management system software developed by Metasoft, a Chinese company. Versions of Metasoft MetaCRM 6.4.0 Beta06 and earlier contained an access control error vulnerability. This vulnerability stemmed from an improper handling of the File parameter by an...

CVSS 7.5, AI score 7.1, EPSS 0.0005
Exploits: 0, References: 2
SUSE CVE, added 2026/05/09 2:43 a.m., 2 views

SUSE CVE-2026-40883

goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete and ?mkdir because...

CVSS 8.1, AI score 5.8, EPSS 0.00024
Exploits: 1, References: 3
NVD, added 2026/04/21 8:17 p.m., 1 view

CVE-2026-40884

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...

CVSS 9.8, EPSS 0.00098
Exploits: 1, References: 1
NVD, added 2026/04/21 8:17 p.m., 1 view

CVE-2026-40885

goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and th...

CVSS 8.8, EPSS 0.00095
Exploits: 1, References: 1
CVE, added 2026/04/21 7:35 p.m., 4 views

CVE-2026-40883

Summary of CVE-2026-40883 (goshs): A cross-site request forgery in goshs' state-changing HTTP GET routes allows an attacker to trigger destructive actions (e.g., deleting files, creating directories) on an authenticated victim's browser because authentication relies only on HTTP basic auth and n...

CVSS 8.1, AI score 5.7, EPSS 0.00024
Exploits: 1, References: 1, Affected Software: 1
EUVD, added 2025/06/25 2:2 p.m., 2 views

EUVD-2025-28274

Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled...

CVSS 8.1, AI score 5.7, EPSS 0.10124
Exploits: 0, References: 1
CNNVD, added 2021/03/01 12:00 a.m., 2 views

ZendTo cross-site scripting vulnerability

ZendTo is a completely free web-based system that lets you conveniently send or receive files with no limit on file size and at faster speeds. A cross-site scripting vulnerability exists in versions prior to ZendTo 6.06-4 Beta during the display of drop-down menus with file names containing unexpect...

CVSS 6.1, AI score 5.2, EPSS 0.00317
Exploits: 0, References: 2
ATTACKERKB, added 2011/02/03 5:00 p.m., 1 view

CVE-2009-5052

Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors...

CVSS 10, AI score 5.5, EPSS 0.00603
Exploits: 0, References: 2