
10 matches found

NVD
added 2026/03/23 10:16 p.m. · 2 views

CVE-2026-32911

Rejected reason: This CVE ID has been rejected...

Exploits 0

Cvelist
added 2026/03/23 9:36 p.m. · 18 views

CVE-2026-32911

...

Exploits 0

OSV
added 2026/02/09 6:12 p.m. · 3 views

CVE-2026-23948 FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...

6.9 CVSS · 5.6 AI score · 0.00022 EPSS
Exploits 0 · References 4

Positive Technologies
added 2026/01/21 12:0 a.m. · 3 views

PT-2026-3873

Name of the Vulnerable Software and Affected Versions: Flux Operator versions 0.36.0 through 0.39.9. Description: The Flux Operator, a Kubernetes CRD controller, contains a flaw in its Web UI authentication code. This issue allows an attacker to bypass Kubernetes RBAC impersonation and execute API...

5.3 CVSS · 5.5 AI score · 0.00086 EPSS
Exploits 0 · References 12

OSV
added 2024/09/09 3:15 p.m. · 3 views

CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

3.1 CVSS · 5.8 AI score
Exploits 0 · References 1

Positive Technologies
added 2024/09/09 12:0 a.m. · 3 views

PT-2024-38768 · Rapid7 · Rapid7 Insight Platform

Name of the Vulnerable Software and Affected Versions: Rapid7 Insight Platform versions between November 2019 and August 14, 2024 Description: The issue is related to missing authorization in the Rapid7 Insight Platform, allowing an attacker to intercept local requests and potentially add an empt...

3.1 CVSS · 6.9 AI score · 0.0002 EPSS
Exploits 0 · References 8

Prion
added 2023/11/20 7:15 p.m. · 14 views

Design/Logic Flaw

NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...

5 CVSS · 6.9 AI score · 0.00295 EPSS
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2022/02/17 12:0 a.m. · 2 views

PT-2022-13320

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.7. Description: The issue allows for authorization bypass through a user-controlled key. A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, will return the...

10 CVSS · 7.1 AI score · 0.01747 EPSS
Exploits 7 · References 43

OSV
added 2019/09/11 10:15 p.m. · 1 views

CVE-2019-5054

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 WNR2000v5 with Firmware Version V1.0.0.70 HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference,...

7.5 CVSS · 5.8 AI score · 0.11209 EPSS
Exploits 1 · References 1

OSV
added 2010/10/14 5:57 a.m. · 1 views

DEBIAN-CVE-2010-3071

bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command...

5 CVSS · 6.8 AI score · 0.0188 EPSS
Exploits 0 · References 1