
7 matches found

RedhatCVE
added 2026/02/27 4:13 a.m. | 6 views

CVE-2026-27812

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | AI score 5.5 | EPSS 0.00245
Exploits: 0 | References: 1
NVD
added 2026/02/26 12:16 a.m. | 7 views

CVE-2026-27812

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | EPSS 0.00245
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/26 12:0 a.m. | 5 views

CVE-2026-27812 Sub2API Vulnerable to Password Reset Poisoning via Host Header Trust Issue, Leading to Account Takeover

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | AI score 5.5 | EPSS 0.00245
Exploits: 0 | References: 1
EUVD
added 2026/02/26 12:0 a.m. | 6 views

EUVD-2026-8782

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

CVSS 9.3 | AI score 5.5 | EPSS 0.00245
Exploits: 0 | References: 1
CNNVD
added 2026/01/05 12:0 a.m. | 1 views

Devy Mega-Fence security vulnerability

Devy Mega-Fence is a middleware for traffic control and online queuing from Devy Korea. A security vulnerability exists in Devy Mega-Fence versions 25.1.914 and earlier, which stems from trusting the X-Forwarded-For header value and could lead to client-side IP spoofing...

CVSS 6.5 | AI score 6.6 | EPSS 0.00227
Exploits: 1 | References: 3
NVD
added 2025/12/09 12:15 a.m. | 7 views

CVE-2025-66204

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying X-Forwarded-For on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The...

CVSS 8.1 | EPSS 0.00402
Exploits: 2 | References: 3
Positive Technologies
added 2025/12/08 12:0 a.m. | 8 views

PT-2025-49680

Name of the Vulnerable Software and Affected Versions: WBCE CMS versions prior to 1.6.5. Description: WBCE CMS is a content management system susceptible to a brute-force protection bypass. An attacker can reset the attempt counter by manipulating the X-Forwarded-For header with each request, enabli...

CVSS 8.1 | AI score 6.7 | EPSS 0.00402
Exploits: 2 | References: 9