Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CVE
CVEadded 2026/05/19 9:54 p.m.8 views

CVE-2026-34390

MantisBT before 2.28.2 is affected by a Privilege Escalation in ProjectUsersAddCommand (manage_proj_user_add.php). A user with manage_project_threshold (default manager) can forge a higher access_level value and grant project-level administrator rights to any user within a project they manage, by...

5.1CVSS5.8AI score0.00015EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/19 9:54 p.m.5 views

CVE-2026-34390 MantisBT: Privilege Escalation from Manager to Administrator

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS5.8AI score0.00015EPSS
Exploits0References4
Snyk
Snykadded 2026/05/11 7:32 p.m.4 views

Access Control Bypass

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Access Control Bypass via insufficient access control checks in the ProjectUsersAddCommand process. An attacker can escalate their project-level privileges by submitting a forged higher...

5.1CVSS5.8AI score0.00015EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/23 3:30 p.m.3 views

EUVD-2026-14415

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecospw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gain...

8.7CVSS5.8AI score0.00042EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/18 12:0 a.m.6 views

PT-2026-25967

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak’s Security Assertion Markup Language SAML broker endpoint. The endpoint does not properly validate encrypted assertions when the overall SAML response is not signed...

7.7CVSS6AI score0.00105EPSS
Exploits0References17
CNNVD
CNNVDadded 2026/01/28 12:0 a.m.2 views

Funambol security vulnerabilities

Funambol is a data synchronization framework developed by the Funambol company in the United States. Version Funambol v30.0.0.20 contains a security vulnerability. This vulnerability stems from the URL displayed in the thumbnail; attackers can decrypt and encrypt the parameters used by the...

6CVSS5.8AI score0.0001EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2026/01/07 12:0 a.m.1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000312)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000312 advisory. An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to sen...

7.4CVSS7.2AI score0.00757EPSS
Exploits1References4
Rows per page
Query Builder