Lucene search

8 matches found

Vulnrichment
added 2026/02/11 10:18 p.m. · 2 views

CVE-2026-26215 manga-image-translator Shared API Unsafe Deserialization RCE

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. The FastAPI endpoints /simple_execute/{method} and /execute/{method} deserialize attacker-controlled request bodies using...

CVSS: 9.3 | AI score: 6.6 | EPSS: 0.0016
Exploits: 1 | References: 6
CVE
added 2026/02/11 10:18 p.m. · 11 views

CVE-2026-26215

CVE-2026-26215 affects manga-image-translator, beta-0.3 and earlier, in shared API mode. The vulnerability is an unsafe deserialization via Python's pickle.loads() in FastAPI endpoints /simple_execute/{method} and /execute/{method}, processing attacker-controlled request bodies without validation...

CVSS: 9.3 | AI score: 6.6 | EPSS: 0.0016
Exploits: 1 | References: 6
RedhatCVE
added 2026/01/25 9:16 a.m. · 4 views

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.00009
Exploits: 0 | References: 1
OSV
added 2022/12/31 1:15 a.m. · 2 views

CVE-2022-48195

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated; instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00437
Exploits: 0 | References: 1
Positive Technologies
added 2022/12/31 12:0 a.m. · 1 views

PT-2022-28120 · Mellium · Mellium.Im/Sasl

Name of the Vulnerable Software and Affected Versions: Mellium mellium.im/sasl versions prior to 0.3.1
Description: An issue was discovered in Mellium mellium.im/sasl when performing SCRAM-based SASL authentication. If the remote end advertises support for channel binding, no random nonce is...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.00437
Exploits: 0 | References: 10
OSV
added 2020/12/09 5:15 p.m. · 1 views

CVE-2020-7787

This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...

CVSS: 8.2 | AI score: 7.2 | EPSS: 0.00267
Exploits: 1 | References: 2
Snyk
added 2020/10/16 4:53 p.m. · 1 views

Improper Authentication

Overview: react-adal is an Azure Active Directory Library (ADAL) support for ReactJS. Affected versions of this package are vulnerable to Improper Authentication. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly...

CVSS: 8.2 | AI score: 6.3 | EPSS: 0.00267
Exploits: 1 | References: 2
Positive Technologies
added 2014/12/24 12:0 a.m. · 3 views

PT-2014-8999 · Frederick Townes · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin versions prior to 0.9.4.1
Description: The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks. This is possible due to the improper handling of empty nonces, which can lead to the hijacking ...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.00415
Exploits: 1 | References: 10