8 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-2945

Malware in sbrugna...

CVSS 7.5, AI score 6.2, EPSS 0.01519
Exploits: 0, References: 6
Prion
added 2023/08/16 9:15 p.m., 6 views

Cross site request forgery (csrf)

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

CVSS 2.6, AI score 5.4, EPSS 0.00216
Exploits: 1, References: 4, Affected Software: 1
SUSE CVE
added 2023/02/15 5:00 a.m., 1 view

SUSE CVE-2016-5423

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a...

CVSS 8.3, AI score 9.7, EPSS 0.034
Exploits: 0, References: 12
Snyk
added 2022/05/17 5:23 a.m., 1 view

Incorrect Comparison

Overview: Affected versions of this package are vulnerable to Incorrect Comparison due to the improper implementation of the == operator for comparisons. An attacker can exploit this flaw to manipulate or bypass security checks by crafting specific input that leads to unintended behavior...

CVSS 7.5, AI score 6.9, EPSS 0.01519
Exploits: 0, References: 2
OSV
added 2021/09/01 6:15 p.m., 35 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

CVSS 9.8, AI score 9.4
Exploits: 0, References: 3
AlpineLinux
added 2021/09/01 5:30 p.m., 37 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

CVSS 9.8, AI score 7.6, EPSS 0.00546
Exploits: 2, References: 3
UbuntuCve
added 2016/08/11 12:00 a.m., 31 views

CVE-2016-5423

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a...

CVSS 8.3, AI score 7.6, EPSS 0.034
Exploits: 0, References: 3
GoogleProjectZero
added 2015/08/17 12:00 a.m., 73 views

Attacking ECMAScript Engines with Redefinition

Posted by Natalie Silvanovich. ECMAScript has a property where almost all functions and variables can be dynamically redefined. This can lead to vulnerabilities in situations where native code assumes a function or variable behaves a certain way when accessed or does not have...

CVSS 10, AI score 10, EPSS 0.93205
Exploits: 16