Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

352 matches found

Nuclei
Nucleiadded 6 hours ago935 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.3AI score0.83646EPSS
Exploits0References5
GithubExploit
GithubExploitadded 3 days ago53 views

coruna

iOS Orchestrator — Coruna Web server, C2 listener, and intera...

8.8CVSS6AI score0.00618EPSS
Exploits6
GithubExploit
GithubExploitadded 4 days ago50 views

System-Exploitation-Compromising

💀 System Exploitation & Compromising CAP 6135 – Cyber Lab...

7.5CVSS6.6AI score0.87203EPSS
Exploits8
GithubExploit
GithubExploitadded 2026/05/17 6:54 p.m.51 views

chrome-148-exploit-poc

World Fun Zone - 2026 Security Research Framework Conferen...

5.8AI score
Exploits0
RedhatCVE
RedhatCVEadded 2026/03/26 2:59 p.m.1 views

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS6AI score0.00484EPSS
Exploits1References1
Malwarebytes
Malwarebytesadded 2026/03/19 12:27 p.m.3 views

A DarkSword hangs over unpatched iPhones

Researchers at Google have identified an iOS exploit chain, named DarkSword, that has been used since late last year by multiple actors to infect iPhones with malware in targeted attacks. DarkSword combines six vulnerabilities in iOS and Safari to deploy malware on the device. It demonstrates, on...

7.8CVSS6.1AI score0.00455EPSS
Exploits4
EUVD
EUVDadded 2026/03/12 8:32 p.m.1 views

EUVD-2026-11611

TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS...

9.6CVSS5.8AI score0.00484EPSS
Exploits1References5
NVD
NVDadded 2026/03/12 5:16 p.m.0 views

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS0.00484EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/03/12 4:48 p.m.4 views

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS6AI score0.00484EPSS
Exploits1References1
CVE
CVEadded 2026/03/12 4:48 p.m.6 views

CVE-2026-28792

Technical details (affected components, root cause, exploit data, or remediation specifics) are not provided in the connected documents. Monitor for updates.

9.6CVSS5.9AI score0.00484EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/12 12:0 a.m.1 views

PT-2026-25012

Summary The TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary...

9.6CVSS5.9AI score0.00484EPSS
Exploits1References16
Malwarebytes
Malwarebytesadded 2026/03/11 2:56 p.m.3 views

Sextortion “I recorded you” emails reuse passwords found in disposable inboxes

Our malware removal support team recently flagged a new wave of sextortion emails, with the subject line: “You pervert, I recorded you!” If the message sounds familiar, that's because it's a variation of the long-running "Hello pervert" scam. The email claims the target’s device has been infected...

5.7AI score
Exploits0
RedhatCVE
RedhatCVEadded 2026/02/23 1:31 p.m.3 views

CVE-2026-27482

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

6.5CVSS5.5AI score0.00061EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/02/21 9:18 a.m.3 views

CVE-2026-27482

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...

5.9CVSS5.6AI score0.00061EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Stormadded 2025/10/13 12:0 a.m.106 views

📄 Packet Storm Missing Cache Header

Packet Storm was missing a cache control header on the user settings page, allowing for parties to click back in a browser post-logout and see the page from the local browser cache. As shared computing situations can allow this to lead to an information disclosure issue, it was immediately...

6AI score
Exploits0
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2014-8716

Malware in sbrugna...

5.3CVSS5.5AI score0.06253EPSS
Exploits0References7
RedhatCVE
RedhatCVEadded 2025/10/06 5:13 p.m.2 views

CVE-2025-61587

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

2.1CVSS6.7AI score0.00044EPSS
Exploits1References1
SUSE CVE
SUSE CVEadded 2025/10/02 11:22 p.m.2 views

SUSE CVE-2025-61587

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

6.1CVSS6.8AI score0.00044EPSS
Exploits1References3
Cvelist
Cvelistadded 2025/10/01 10:1 p.m.6 views

CVE-2025-61587 Weblate integration with Anubis can lead to Open Redirect via redir parameter

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

2.1CVSS0.00044EPSS
Exploits1References4
OSV
OSVadded 2025/10/01 10:1 p.m.4 views

CVE-2025-61587 Weblate integration with Anubis can lead to Open Redirect via redir parameter

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

2.1CVSS6.6AI score0.00044EPSS
Exploits1References6
Rows per page
Query Builder