Lucene search

7 matches found

Vulnrichment
added 2026/05/11 9:6 p.m. · 6 views

CVE-2026-43886 Outline: OAuth Scope Validation Logic Error Allows Privilege Escalation to Wildcard API Access

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope uses Array.some to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the...

CVSS 8.2 · AI score 5.8 · EPSS 0.00029
Exploits: 0 · References: 1
Positive Technologies
added 2025/09/04 12:0 a.m. · 5 views

PT-2025-36101

Name of the Vulnerable Software and Affected Versions: FreePBX versions prior to 15.0.13; FreePBX versions 16.0.2 through 16.0.14; FreePBX versions 17.0.1 and 17.0.2. Description: The api module for FreePBX, an open-source GUI for Asterisk, is susceptible to an issue where a shared OAuth private key...

CVSS 5.1 · AI score 6.5 · EPSS 0.00089
Exploits: 0 · References: 6
RedhatCVE
added 2025/02/05 8:12 p.m. · 5 views

CVE-2022-22526

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API...

CVSS 9.8 · AI score 7.1 · EPSS 0.00349
Exploits: 0 · References: 1
OSV
added 2024/03/27 7:15 p.m. · 0 views

UBUNTU-CVE-2024-28233

JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API...

CVSS 8.1 · AI score 7.1 · EPSS 0.0011
Exploits: 0 · References: 4
CNNVD
added 2022/09/28 12:0 a.m. · 1 views

Carlo Gavazzi UWP Access Control Error Vulnerability

Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi for applications such as building automation, energy efficiency performance management, and parking lot guidance. Carlo Gavazzi UWP 3.0 suffers from an Access Control Error vulnerability that stems from a lac...

CVSS 9.8 · AI score 8.3 · EPSS 0.00349
Exploits: 0 · References: 2
Positive Technologies
added 2022/09/13 12:0 a.m. · 2 views

PT-2022-4910 · Talos · Talos

Name of the Vulnerable Software and Affected Versions: Talos versions prior to 1.2.2. Description: The issue is related to improper validation of the request while signing a worker node CSR, which might allow a Talos control plane node to issue a Talos API certificate with full access to the Talos...

CVSS 9 · AI score 6.2 · EPSS 0.00273
Exploits: 0 · References: 9
OSV
added 2019/06/21 2:15 p.m. · 0 views

UBUNTU-CVE-2016-7404

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though, and can be used to perform any API operation the user is authorized to perform...

CVSS 9.8 · AI score 7.2 · EPSS 0.00329
Exploits: 0 · References: 3