Lucene search

8 matches found

RedhatCVE
added 3 days ago | 4 views

CVE-2026-50214

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...

CVSS 9.8 | AI score 5.6 | EPSS 0.00019
Exploits: 0 | References: 1
CVE
added 4 days ago | 9 views

CVE-2026-50214

The CVE-2026-50214 entry concerns the /v1/Plan service that relies entirely on a shared global API token for full administrative management, enabling arbitrary creation of zero-cost network access plans. According to the NVD entry, this leads to critical impact across confidentiality, integrity, ...

CVSS 9.8 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 4 days ago | 32 views

CVE-2026-50214 Shared Secret Quota Inflation

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...

CVSS 9.3 | EPSS 0.00019
Exploits: 0 | References: 1
NVD
added 2026/01/16 5:16 a.m. | 4 views

CVE-2025-14384

The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /aioseo/v1/ai/credits REST route in all versions up to, and including, 4.9.2. This makes it possible for...

CVSS 4.3 | EPSS 0.00016
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/11 1:44 p.m. | 4 views

CVE-2025-64689

In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token...

CVSS 9.6 | AI score 6.8 | EPSS 0.00003
Exploits: 0 | References: 1
Code423n4
added 2023/10/06 12:0 a.m. | 6 views

Many issues around addGlobalToken due to lack of input validation when linking a global token to local token

Lines of code Vulnerability details Impact addGlobalToken is used to add a global token to a branch. The flow is as follows: 1 = CoreBranchRouter.addGlobalToken 2 = Send Cross-Chain request System Response/Request with FuncId 0x01 Notice that it uses normal callOut though. Anyway, let's continue...

AI score 7
Exploits: 0
Debian CVE
added 2020/07/02 6:35 p.m. | 26 views

CVE-2020-8166

A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token...

CVSS 4.3 | AI score 5.8 | EPSS 0.00443
Exploits: 1
Github Security Blog
added 2020/05/26 3:11 p.m. | 78 views

Ability to forge per-form CSRF tokens in Rails

It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session. Impact: Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for...

CVSS 4.3 | AI score 5.3 | EPSS 0.00443
Exploits: 1 | References: 7 | Affected Software: 1