10 matches found

NVD
added 2026/06/15 12:16 p.m., 8 views

CVE-2026-34024

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6 CVSS, 0.00304 EPSS
Exploits: 1, References: 2
CVE
added 2026/06/15 10:3 a.m., 11 views

CVE-2026-34024

The CVE-2026-34024 entry concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The underlying issue is missing authorization checks on multiple web endpoints, allowing an authenticated attacker with low privileges to access endpoints not visible in the frontend but directly ...

8.6 CVSS, 5.5 AI score, 0.00304 EPSS
Exploits: 1, References: 2
EUVD
added 2026/06/15 10:3 a.m., 7 views

EUVD-2026-36707

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6 CVSS, 5.5 AI score, 0.00304 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2026/06/15 12:0 a.m., 8 views

PT-2026-49195

Name of the Vulnerable Software and Affected Versions: Wertheim SafeController Software version 6.15.8328.28014. Description: Missing authorization checks on multiple web application endpoints allow an authenticated attacker with minimal privileges to access hidden endpoints. This enables the...

8.6 CVSS, 5.6 AI score, 0.00304 EPSS
Exploits: 1, References: 7
Positive Technologies
added 2026/04/28 12:0 a.m., 6 views

PT-2026-35820

Name of the Vulnerable Software and Affected Versions: Snap One WattBox 800 and 820 series versions prior to 2.10.0.0. Description: Undisclosed diagnostic HTTP endpoints require only the device MAC address and service tag for authentication. Both values are printed in plaintext on the physical devic...

9.8 CVSS, 6.1 AI score, 0.00433 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/10/22 4:30 p.m., 5 views

CVE-2025-22168

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist...

5.3 CVSS, 6.3 AI score, 0.00188 EPSS
Exploits: 0, References: 1
GithubExploit
added 2025/08/07 8:47 p.m., 131 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CVE-2025-5777 Exploit Tool 🔥 A powerful educational tool...

9.3 CVSS, 8.3 AI score, 0.99896 EPSS
Exploits: 18
HackRead
added 2025/06/09 7:13 p.m., 6 views

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api...

7.3 AI score
Exploits: 0
OSV
added 2022/01/25 8:15 p.m., 3 views

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

5.4 CVSS, 6.2 AI score, 0.00545 EPSS
Exploits: 0, References: 1
Kitploit
added 2020/08/30 9:30 p.m., 45 views

SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!

Tested environments: Windows, Mac, Linux, and Windows Subsystem for Linux (WSL). What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests or from the local response files, if any. Create a list of JavaScript variables found in the source. Extract all the...

7 AI score
Exploits: 0, References: 4