
7 matches found

Github Security Blog
added 2026/05/13 3:32 p.m., 7 views

SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

Summary POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any authenticated user — including publish-service RoleReader accounts and...

CVSS 4.3, AI score 5.8, EPSS 0.00029
Exploits 0, References 3, Affected software 1
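The SiYuan summary above describes a route registered behind an authentication check only, while the handler performs a configuration write that should also be gated by an admin-role check and a read-only check. The Go block below is an added illustration of that guard-composition pattern with net/http; it is not SiYuan's code, and the checkAuth/checkAdminRole/checkReadonly middleware, the X-Role header, the readOnly switch and the tagSort counter are constructed stand-ins for the project's own session, role and configuration handling.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// role is the caller's role, read from a constructed X-Role header so the
// example runs offline; a real server would derive it from the session.
type role string

const roleAdmin, roleReader role = "admin", "reader"

func roleOf(r *http.Request) role { return role(r.Header.Get("X-Role")) }

// tagSort stands in for persisted configuration that the handler rewrites;
// readOnly models an instance-wide read-only switch that writes must honour.
var (
	tagSort  atomic.Int64
	readOnly atomic.Bool
)

// checkAuth only establishes that the caller is logged in at all.
func checkAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if roleOf(r) == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// checkAdminRole rejects every caller who is not an admin.
func checkAdminRole(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if roleOf(r) != roleAdmin {
			http.Error(w, "forbidden: admin role required", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// checkReadonly rejects writes while the instance is read-only.
func checkReadonly(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if readOnly.Load() {
			http.Error(w, "forbidden: instance is read-only", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// setTagSort is the handler: despite the read-looking route it mutates config.
func setTagSort(w http.ResponseWriter, r *http.Request) {
	tagSort.Add(1)
	w.WriteHeader(http.StatusOK)
}

// chain wraps h so that mws[0] runs first and the last middleware runs last.
func chain(h http.Handler, mws ...func(http.Handler) http.Handler) http.Handler {
	for i := len(mws) - 1; i >= 0; i-- {
		h = mws[i](h)
	}
	return h
}

// newMux registers the route either as the advisory describes it (auth only)
// or with the full guard set a configuration write needs.
func newMux(guarded bool) http.Handler {
	mux := http.NewServeMux()
	h := http.HandlerFunc(setTagSort)
	if guarded {
		mux.Handle("/api/tag/getTag", chain(h, checkAuth, checkAdminRole, checkReadonly))
	} else {
		mux.Handle("/api/tag/getTag", chain(h, checkAuth))
	}
	return mux
}

// call POSTs once as the given role ("" = anonymous) and reports the status
// code and whether the configuration was mutated.
func call(mux http.Handler, as role) (status int, mutated bool) {
	before := tagSort.Load()
	req := httptest.NewRequest(http.MethodPost, "/api/tag/getTag", nil)
	if as != "" {
		req.Header.Set("X-Role", string(as))
	}
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, req)
	return rec.Code, tagSort.Load() != before
}

func main() {
	for _, guarded := range []bool{false, true} {
		for _, who := range []role{"", roleReader, roleAdmin} {
			code, mutated := call(newMux(guarded), who)
			fmt.Printf("guarded=%-5t role=%-8q status=%d mutated=%t\n", guarded, who, code, mutated)
		}
	}
}
```

The practical check this suggests for any route table: enumerate every handler that writes state and confirm its registration carries the same guard set as the other write handlers, rather than trusting the route name (getTag reads like a read). A reviewer would also note that the guards compose in order, so checkAuth must sit outermost or checkAdminRole will read an empty role for anonymous callers and return 403 instead of 401.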
CVE
added 2026/03/22 12:11 a.m., 6 views

CVE-2019-25587

BulletProof FTP Server 2019.0.0.50 is affected by a local denial-of-service vulnerability in the Storage-Path configuration parameter. The issue allows a local attacker to crash the application by supplying an excessively long string value; if Override Storage-Path is enabled, pasting a buffer of...

CVSS 6.9, AI score 6, EPSS 0.00018
Exploits 1, References 4, Affected software 1
Vulnrichment
added 2026/03/22 12:11 a.m., 1 view

CVE-2019-25587 BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...

CVSS 6.9, AI score 6, EPSS 0.00018
Exploits 1, References 4
RedhatCVE
added 2026/02/12 1:43 p.m., 5 views

CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

CVSS 4.3, AI score 5.4, EPSS 0.00007
Exploits 0, References 1
NVD
added 2026/02/11 9:15 a.m., 2 views

CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

CVSS 4.3, EPSS 0.00007
Exploits 0, References 5
CNVD
added 2018/05/17 12:00 a.m., 1 view

Code execution vulnerability in LOGA version 5.3.1

LOGA, short for "Limit Of Good AsThis", is a multi-language, multi-platform building system developed by Nuance. A code execution vulnerability exists in LOGA version 5.3.1. The vulnerability is caused by the program's failure to filter the saved content when it writes configuration files, an...

AI score 8
Exploits 0
ATTACKERKB
added 2012/10/08 6:55 p.m., 1 view

CVE-2012-1416

Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a membernew action to myadmin/admin1members.php or (2) modify the default site title via a save action...

CVSS 6.8, AI score 5.3, EPSS 0.01204
Exploits 1, References 6