
7 matches found

EUVD
added 2025/10/22 2:59 p.m., 2 views

EUVD-2025-35591

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The...

CVSS 7.9 | AI score 7.5 | EPSS 0.00007
Exploits: 0 | References: 7
OSV
added 2024/04/24 5:6 p.m., 3 views

GHSA-8P5R-6MVV-2435 OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)

SpEL Injection in PUT /api/v1/events/subscriptions GHSL-2023-251 Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non-authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have...

CVSS 8.8 | AI score 5.9 | EPSS 0.12686
Exploits: 1 | References: 9
Github Security Blog
added 2024/04/24 5:6 p.m., 29 views

OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)

SpEL Injection in PUT /api/v1/events/subscriptions GHSL-2023-251 Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non-authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have...

CVSS 8.8 | AI score 8 | EPSS 0.12686
Exploits: 1 | References: 9 | Affected Software: 1
OSV
added 2024/03/15 7:55 p.m., 3 views

CVE-2024-28847 SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...

CVSS 8.8 | AI score 8.8 | EPSS 0.12686
Exploits: 1 | References: 8
CNNVD
added 2023/02/28 12:0 a.m., 1 views

Active IQ Unified Manager security vulnerability

NetApp Active IQ Unified Manager is an ONTAP storage product monitoring and management solution from Network Appliance NetApp. The product supports features such as performance monitoring and secret key management. A security vulnerability exists in Active IQ Unified Manager. An attacker exploite...

CVSS 6.5 | AI score 6.6 | EPSS 0.00165
Exploits: 0 | References: 2
Hacker One
added 2018/07/24 3:39 p.m., 82 views

Slack: Bypass of the SSRF protection in Event Subscriptions parameter.

The vulnerability is present in the "Event Subscriptions" parameter where: "Your app can subscribe to be notified of events in Slack for example, when a user adds a reaction or creates a file at a URL you choose. ". URL: https://api.slack.com/apps/YOUAPPCODE/event-subscriptions? When we add a sit...

AI score 0.4
Exploits: 0
Kitploit
added 2016/10/11 9:27 p.m., 25 views

PowerLurk - Malicious WMI Events using PowerShell

PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions. The goal is to make WMI events easier to fire off during a penetration test or red team engagement. Please see my post Creeping on Users with WMI Events: Introducing PowerLurk for more detailed information:...

AI score 7
Exploits: 0 | References: 2