Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSV
OSVadded 2026/04/16 9:23 p.m.2 views

GHSA-QQVM-66Q4-VF5C Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Summary Flowise introduced SSRF protections through a centralized HTTP security wrapper httpSecurity.ts that implements deny-list validation and IP pinning logic. However, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axiosInstead of using the secured...

5.3CVSS5.9AI score0.00051EPSS
Exploits1References3
NVD
NVDadded 2026/02/18 5:21 p.m.5 views

CVE-2025-70147

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...

7.5CVSS0.00281EPSS
Exploits1References2
Fedora
Fedoraadded 2025/10/15 1:1 a.m.5 views

[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.8-1.fc42

The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

5.9CVSS6.9AI score0.00175EPSS
Exploits0
Fedora
Fedoraadded 2025/10/14 10:22 p.m.4 views

[SECURITY] Fedora 43 Update: mirrorlist-server-3.0.8-1.fc43

The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

5.9CVSS6.9AI score0.00175EPSS
Exploits0
NVD
NVDadded 2014/10/06 2:55 p.m.15 views

CVE-2014-0140

Red Hat CloudForms 3.1 Management Engine CFME before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request...

4CVSS6.2AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelistadded 2005/02/20 5:0 a.m.10 views

CVE-2004-1662

YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message...

6.1AI score0.00462EPSS
Exploits1References3
NVD
NVDadded 2004/12/31 5:0 a.m.13 views

CVE-2004-2506

Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file...

5CVSS6.1AI score0.00357EPSS
Exploits0References4
NVD
NVDadded 2004/05/02 4:0 a.m.8 views

CVE-2004-1984

Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to 1 phpinfo.php, 2 addpic.php, 3 config.php, 4 dbinput.php, 5 displayecard.php, 6 ecard.php, 7 crop.inc.php, which reveal the full path in a PHP error message...

5CVSS6.2AI score0.0055EPSS
Exploits1References12
Rows per page
Query Builder