Lucene search

9 matches found

Vulnrichment
added 2026/02/18 9:10 p.m., 2 views

CVE-2026-27177 MajorDoMo Stored Cross-Site Scripting via Property Set Endpoint

MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration. User-supplied property values are stored raw in the database without sanitization. When an administrat...

CVSS 7.2, AI score 5.2, EPSS 0.00047
Exploits: 1, References: 3

RedhatCVE
added 2025/12/16 2:49 p.m., 2 views

CVE-2025-34412

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy,...

CVSS 6.9, AI score 6.7, EPSS 0.00075
Exploits: 0, References: 1

NVD
added 2025/12/15 3:15 p.m., 2 views

CVE-2025-34412

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it identified a vulnerability in a SaaS product that does not require user action...

EPSS 0.00075
Exploits: 0

OSV
added 2025/10/28 2:15 p.m., 0 views

CVE-2025-12390

A flaw was found in Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn't clean up properly during logout when browser cookies are missing. As...

CVSS 6, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 7

RedhatCVE
added 2023/08/02 8:28 a.m., 33 views

CVE-2023-4055

The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...

CVSS 7.5, AI score 6.8, EPSS 0.00371
Exploits: 0, References: 7

GithubExploit
added 2023/04/23 11:32 p.m., 2 views

Exploit for Cross-site Scripting in Cudy Lt400_Firmware

CVE-2023-31853 Reflected cross-site scripting (XSS) attack ex...

CVSS 6.1, AI score 5.5, EPSS 0.00176
Exploits: 2

SUSE CVE
added 2023/02/15 5:49 a.m., 3 views

SUSE CVE-2012-0021

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a nam...

CVSS 2.6, AI score 8.7, EPSS 0.3296
Exploits: 0, References: 8

CNNVD
added 2022/12/27 12:0 a.m., 1 views

nsupdate.info security vulnerability

nsupdate.info is a free, open-source dynamic DNS service from the nsupdate.info developers. A security vulnerability exists in nsupdate.info, which stems from a mishandling of the parameter CSRF_COOKIE_HTTPONLY that results in a cookie without the "httponly" flag...

CVSS 5.3, AI score 5.1, EPSS 0.00253
Exploits: 0, References: 5

OSV
added 2017/06/08 9:29 p.m., 3 views

CVE-2017-1319

IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session SSL cookie. IBM X-Force ID: 125731...

CVSS 7.5, AI score 5.8, EPSS 0.00137
Exploits: 0, References: 3