57 matches found

OSV
added 2026/05/04 6:30 p.m. | views: 1

GHSA-FC3H-C6H7-R83J Apache Polaris has an Improper Input Validation issue

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

CVSS 9.9 | AI score 5.7 | EPSS 0.00114
Exploits: 0 | References: 5

EUVD
added 2026/04/14 11:54 p.m. | views: 3

EUVD-2026-22816

immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...

CVSS 5.1 | AI score 5.6 | EPSS 0.00032
Exploits: 1 | References: 2

EUVD
added 2026/03/20 6:31 p.m. | views: 1

EUVD-2026-13734

File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload...

AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | views: 3

MiracleLinux 9 : cockpit-311.2-1.el9_4.ML.1 (AXSA:2024-8451:13)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8451:13 advisory. cockpit: command injection when deleting a sosreport with a crafted name CVE-2024-2947 CVE-2024-2947 A flaw was found in Cockpit. Deleting a sosreport with a...

CVSS 7.3 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2018-10989

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2017-3650

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00593
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2022-4911

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00469
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2022-43880

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.00356
Exploits: 0 | References: 1

VulnCheck KEV
added 2025/09/25 12:0 a.m. | views: 1

VulnCheck KEV: CVE-2024-21650

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...

CVSS 10 | AI score 6.7 | EPSS 0.9254
In wild | Exploits: 1 | References: 2

Positive Technologies
added 2025/08/29 12:0 a.m. | views: 1

PT-2025-35216

Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A weakness exists in mtons mblog due to cross site scripting. The issue affects unknown processing of the file /admin/role/list. Manipulation of the Name argument causes the issue. The exploit has...

CVSS 5.3 | AI score 3.5 | EPSS 0.00062
Exploits: 1 | References: 8

RedhatCVE
added 2025/05/22 4:46 p.m. | views: 4

CVE-2020-6586

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered...

CVSS 5.4 | AI score 6 | EPSS 0.07329
Exploits: 0 | References: 1

OSV
added 2025/05/16 1:15 p.m. | views: 1

DEBIAN-CVE-2025-40907

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...

CVSS 5.3 | AI score 6.3 | EPSS 0.00758
Exploits: 1 | References: 1

CNNVD
added 2025/01/10 12:0 a.m. | views: 1

fcgi2 security vulnerability

fcgi2 is a FastCGI developer's toolkit from FastCGI-Archives open source. A security vulnerability exists in fcgi2 versions 2.x through 2.4.4, which stems from the presence of an integer overflow that allows an attacker to send data to an IPC socket with a carefully crafted nameLen or valueLen...

CVSS 9.3 | AI score 8.3 | EPSS 0.00135
Exploits: 0 | References: 2

OSV
added 2024/10/09 4:15 p.m. | views: 3

UBUNTU-CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

CVSS 7.5 | AI score 6 | EPSS 0.008
Exploits: 0 | References: 4

Vulnrichment
added 2024/03/28 6:31 p.m. | views: 25

CVE-2024-2947 Cockpit: command injection when deleting a sosreport with a crafted name

A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer...

CVSS 7.3 | AI score 7.1 | EPSS 0.00031
Exploits: 0 | References: 4

Cvelist
added 2024/03/11 12:0 a.m. | views: 12

CVE-2024-28823

Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html...

AI score 5.6 | EPSS 0.00118
Exploits: 0 | References: 2

NVD
added 2023/12/10 7:15 p.m. | views: 8

CVE-2023-50456

An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name...

CVSS 5.3 | EPSS 0.00127
Exploits: 0 | References: 1

OSV
added 2023/08/02 9:15 a.m. | views: 0

UBUNTU-CVE-2023-3401

An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code...

CVSS 6.5 | AI score 6.5 | EPSS 0.00246
Exploits: 0 | References: 4

ATTACKERKB
added 2023/08/01 2:15 a.m. | views: 0

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

CVSS 9.8 | AI score 6.1 | EPSS 0.93989
Exploits: 9 | References: 6

SUSE CVE
added 2023/02/15 5:5 a.m. | views: 1

SUSE CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository...

CVSS 8.8 | AI score 9 | EPSS 0.0283
Exploits: 0 | References: 8