
9 matches found

UbuntuCve
added 2026/05/18 9:16 p.m. · 7 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contain a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

CVSS 8.6 · AI score 6.1 · EPSS 0.00027
Exploits: 0 · References: 5
Vulnrichment
added 2026/04/05 1:15 p.m. · 3 views

CVE-2026-5569 Technostrobe HI-LED-WR120-G2 Endpoint access control

A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been made public and coul...

CVSS 7.5 · AI score 6.6 · EPSS 0.0007
Exploits: 1 · References: 4
Positive Technologies
added 2025/05/23 12:00 a.m. · 3 views

PT-2025-22638 · Cyberdava · Cyberdava

Name of the Vulnerable Software and Affected Versions: CyberDAVA versions prior to 1.1.20
Description: A privilege escalation issue allows a low-privileged user to escalate their privilege by abusing the API endpoint "/api/v2/users/user//role/ROLE/" due to the lack of access control, potentially...

CVSS 6.4 · AI score 7 · EPSS 0.0016
Exploits: 0 · References: 5
CNNVD
added 2025/04/24 12:00 a.m. · 5 views

HCL Leap Security Vulnerability

HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from improper endpoint access control that allows certain admin users to import applications from the server file system...

CVSS 4.1 · AI score 6.8 · EPSS 0.00078
Exploits: 0 · References: 1
CNNVD
added 2025/04/21 12:00 a.m. · 2 views

Dremio Security Vulnerability

Dremio is a data-as-a-service platform from Dremio, Inc. that provides a fast, self-service approach to data analysis. A security vulnerability exists in Dremio that stems from insufficient API endpoint access control and could lead to the deletion of arbitrary files by authenticated users...

CVSS 8.4 · AI score 6.6 · EPSS 0.00175
Exploits: 0 · References: 1
Positive Technologies
added 2025/03/20 12:00 a.m. · 3 views

PT-2025-12319 · Man · D-Tale

Name of the Vulnerable Software and Affected Versions: man-group/dtale version 3.15.1
Description: A vulnerability in man-group/dtale allows an attacker to override global state settings to enable the enable custom filters feature, which is typically restricted to trusted environments. Once...

CVSS 9.8 · AI score 9.6
Exploits: 4 · References: 17
OSV
added 2024/04/03 5:15 p.m. · 2 views

CVE-2024-20283

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries t...

CVSS 4.3 · AI score 5.8 · EPSS 0.00224
Exploits: 0 · References: 1
Positive Technologies
added 2023/04/15 12:00 a.m. · 3 views

PT-2023-17800 · Unknown · Moxi624 Mogu Blog

Name of the Vulnerable Software and Affected Versions: moxi624 Mogu Blog v2 up to 5.2
Description: A problematic issue has been found in the software, affecting the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolu...

CVSS 6.5 · AI score 5 · EPSS 0.00333
Exploits: 1 · References: 9
Cvelist
added 2022/01/18 7:26 p.m. · 12 views

CVE-2021-44836

An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened...

AI score 4.9 · EPSS 0.00158
Exploits: 1 · References: 2