Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Positive Technologies
Positive Technologiesadded 2026/06/11 12:0 a.m.8 views

PT-2026-48807

Summary Arc registers Go's net/http/pprof handlers at /debug/pprof/ via app.Usepprof.New in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References5
CVE
CVEadded 2026/01/26 10:4 a.m.10 views

CVE-2025-59098

CVE-2025-59098 describes a trace/debug facility in the dormakaba Access Manager. The trace is exposed via a plain TCP socket with no authentication or encryption, and TraceClient.exe can connect through the web interface to receive debug output. The verbosity is configurable via HTTP(S) with the ...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/01/09 12:34 p.m.5 views

CVE-2023-31305

Generation of weak and predictable Initialization Vector IV in PMFW Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...

1.9CVSS6.6AI score0.00135EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/01/03 9:18 p.m.2 views

CVE-2025-34171 CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

6.9CVSS6.2AI score0.00548EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.6 views

EUVD-2022-15826

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00602EPSS
Exploits1References1
0day.today
0day.todayadded 2024/10/30 12:0 a.m.251 views

ABB Cylon Aspect 3.08.01 Active Debug Data Exposure Vulnerability

ABB Cylon Aspect version 3.08.01 is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information. ABB Cylon Aspect 3.08.01 auth/ Active Debug Code Vulnerability Vendor: ABB Ltd. Product web page:...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKBadded 2022/03/28 6:15 p.m.5 views

CVE-2022-0770

The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access t...

8.8CVSS5.5AI score0.00602EPSS
Exploits1References2
NVD
NVDadded 2022/03/28 6:15 p.m.12 views

CVE-2022-0770

The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access t...

8.8CVSS0.00602EPSS
Exploits1References1
Rows per page
Query Builder