
8 matches found

Github Security Blog
added 2026/05/06 11:31 p.m., 3 views

webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible when subdomains are allowed

Summary: webauthn-rs-core Relying Party and webauthn-authenticator-rs client checked that an Origin in CollectedClientData is valid for an RP ID with `str::ends_with`, without checking for a dot `.` before the RP ID when allowing subdomains (registerable suffix). This check is flawed,...

AI score: 5.9
Exploits: 0 · References: 2 · Affected Software: 2
Positive Technologies
added 2023/07/06 12:00 a.m., 5 views

PT-2023-25718 · Sentry · Sentry

Name of the Vulnerable Software and Affected Versions: Sentry versions 23.6.0 through 23.6.1
Description: Sentry is an error tracking and performance monitoring platform. The Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends wi...

CVSS: 6.8 · AI score: 5.6 · EPSS: 0.00543
Exploits: 0 · References: 13
Positive Technologies
added 2022/09/15 12:00 a.m., 2 views

PT-2022-28288 · Ransack +2 · Ransack +2

Name of the Vulnerable Software and Affected Versions: pageflow versions prior to 14.5.2; pageflow versions prior to 15.7.1
Description: The issue allows attackers to extract sensitive properties of database objects associated with users or entries belonging to an account they have access to. This...

AI score: 7.2
Exploits: 0 · References: 4
Veracode
added 2020/04/21 5:28 a.m., 18 views

SQL Injection

tortoise orm is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements via the contains, startswith or endswith filters...

CVSS: 8.8 · AI score: 6.9 · EPSS: 0.01038
Exploits: 0 · References: 3 · Affected Software: 1
PyPA
added 2020/04/20 10:15 p.m., 5 views

PYSEC-2020-144

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...

CVSS: 8.8 · AI score: 8.1 · EPSS: 0.01038
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2018/07/31 9:29 p.m., 3 views

ALPINE-CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC t...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.05915
Exploits: 0 · References: 1
OSV
added 2016/12/22 9:59 p.m., 1 view

DEBIAN-CVE-2016-9179

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.01987
Exploits: 0 · References: 1
OSV
added 2016/12/22 9:59 p.m., 0 views

UBUNTU-CVE-2016-9179

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host...

CVSS: 7.5 · AI score: 7 · EPSS: 0.01987
Exploits: 0 · References: 4