
7 matches found

ATTACKERKB
added 2026/05/26 5:27 p.m. | 3 views

CVE-2026-44775

Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with AllowAnonymous, allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is never validated. Sin...

CVSS 6.9 | AI score 5.7 | EPSS 0.00088
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/26 5:27 p.m. | 5 views

CVE-2026-44775

Kavita CVE-2026-44775 affects the Kavita reader server prior to v0.9.0, where ReaderController.GetImage allowed unauthenticated access to page images across libraries because the endpoint was decorated with [AllowAnonymous] and the apiKey parameter was never validated. An unauthenticated actor co...

CVSS 6.9 | AI score 5.7 | EPSS 0.00088
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/26 5:27 p.m. | 4 views

CVE-2026-44775 Kavita: No authentication at /api/Reader/image

Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with AllowAnonymous, allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is never validated. Sin...

CVSS 6.9 | AI score 5.7 | EPSS 0.00088
Exploits: 0 | References: 2
CNNVD
added 2026/05/26 12:0 a.m. | 5 views

Kavita access control error vulnerability

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the ReaderController.GetImage endpoint, which allowed completely unauthenticated access,...

CVSS 6.9 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 2
NVD
added 2026/04/14 1:16 a.m. | 0 views

CVE-2026-34264

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information...

CVSS 6.5 | EPSS 0.00053
Exploits: 0 | References: 2
CNNVD
added 2026/04/14 12:0 a.m. | 4 views

SAP Human Capital Management security vulnerability

SAP Human Capital Management is a corporate human resources management and employee lifecycle management system developed by the German company SAP. There is a security vulnerability in SAP Human Capital Management. This vulnerability stems from specific messages returned by the system during...

CVSS 6.5 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/31 12:0 a.m. | 3 views

EulerOS Virtualization 2.10.1 : rsync (EulerOS-SA-2026-1145)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destinati...

CVSS 7.5 | AI score 5.9 | EPSS 0.0247
Exploits: 1 | References: 3