8 matches found

CNNVD
added 2026/03/26 12:0 a.m. · 4 views

Frigate Security Vulnerability

Frigate is a complete native NVR designed by Blake Blackshear for home assistants with AI object detection capabilities. Version 0.17.0 of Frigate contains a security vulnerability caused by improper access control, which may lead to the exposure of sensitive configuration information...

6.5 CVSS · 5.8 AI score · 0.00047 EPSS
Exploits 1 · References 1
GithubExploit
added 2026/02/06 9:30 p.m. · 177 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

10 CVSS · 5.7 AI score · 0.94428 EPSS
Exploits 433
Cvelist
added 2026/02/06 4:47 p.m. · 30 views

CVE-2026-23741 ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the conten...

0.00054 EPSS
Exploits 0 · References 1
Cvelist
added 2026/01/27 9:23 p.m. · 20 views

CVE-2026-24748 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...

6.9 CVSS · 0.0012 EPSS
Exploits 0 · References 4
Vulnrichment
added 2025/05/08 10:5 a.m. · 4 views

CVE-2025-3758 Exposure of Device Configuration without Authentication in WF2220

WF2220 exposes endpoint /cgi-bin-igd/netcoreget.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way...

8.7 CVSS · 6.3 AI score · 0.00123 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/05/22 12:0 a.m. · 2 views

PT-2023-23742 · Teltonika · Teltonika Rut

Name of the Vulnerable Software and Affected Versions: Teltonika RUT router firmware versions 00.07.00 through 00.07.03.4 Description: The packet dump utility in the firmware contains proper validation for filter parameters, but the variables for validation checks are stored in an external...

8.8 CVSS · 8.6 AI score · 0.001 EPSS
Exploits 0 · References 3
Positive Technologies
added 2018/08/20 12:0 a.m. · 2 views

PT-2018-1519 · Containous · Traefik

Name of the Vulnerable Software and Affected Versions: Containous Traefik versions 1.6.x through 1.6.5 Description: The issue is related to errors in the implementation of the API in the Containous Traefik reverse proxy server. If the --api option is used and authentication is missing, the...

7.8 CVSS · 7.5 AI score · 0.00369 EPSS
Exploits 0 · References 14
Hacker One
added 2017/06/01 2:53 a.m. · 21 views

U.S. Dept Of Defense: Exposed FTP Credentials on ███████

Summary: An exposed configuration file leaks FTP credentials to a DoD server. Description: The config file hosted on ftp://█████████/pub/misc/FTP███████Sign.exe.config exposes a username █████████ and associated password ███████. These are valid credentials for the FTP server operating on...

1.3 AI score
Exploits 0