Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

UbuntuCve
UbuntuCveadded 2026/05/06 3:15 a.m.6 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1
Snyk
Snykadded 2026/03/20 8:48 p.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in multiple functions in the gRPC API layer, including MemberList and Compact. An attacker can gain unauthorized access to sensitive cluster operations and information, such as viewing cluster topology, disrupting...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/01/09 9:21 a.m.7 views

CVE-2021-41130

Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use ...

6.4CVSS7AI score0.00375EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.7 views

EUVD-2023-1271

Malicious code in bioql PyPI...

8.7CVSS7.8AI score0.00762EPSS
Exploits0References5
Snyk
Snykadded 2025/09/17 8:43 p.m.1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

10CVSS7.4AI score0.0068EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiativeadded 2025/03/13 12:0 a.m.12 views

NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rivaquickstart component. The issue results from the lack of authentication prior to...

6.5CVSS6.9AI score0.02009EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2023/04/13 5:53 p.m.44 views

SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...

8.7CVSS7.5AI score0.00762EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2023/04/13 5:53 p.m.20 views

GHSA-CJR9-MR35-7XH6 SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...

8.1CVSS8.1AI score0.00762EPSS
Exploits0References5
Rows per page
Query Builder