
6 matches found

OSV
added 2026/03/31 11:7 p.m., 2 views

GHSA-6FPF-248C-M7WM Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface

A single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SSH keys, ntds.dit or destroying the entire compromised infrastructure, entirely through the operator's own...

5.9 CVSS, 5.9 AI score, 0.00029 EPSS
Exploits: 1, References: 3
Snyk
added 2026/03/31 8:11 p.m., 2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the MCP server insecure CORS configuration and lack of authentication in the MCP interface. An attacker can gain unauthorized control over all active sessions and exfiltrate sensitive data...

8.8 CVSS, 5.9 AI score, 0.00029 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2026/01/27 9:23 p.m., 5 views

CVE-2026-24435

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 implement an insecure Cross-Origin Resource Sharing CORS policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: in combination with Access-Control-Allow-Credentials: true, allowing...

7.1 CVSS, 5.9 AI score, 0.00057 EPSS
Exploits: 0, References: 1
OSV
added 2026/01/26 6:16 p.m., 1 views

CVE-2026-24435

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 implement an insecure Cross-Origin Resource Sharing CORS policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: in combination with Access-Control-Allow-Credentials: true, allowing...

6.5 CVSS, 5.8 AI score, 0.00057 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

MiracleLinux 7 : tomcat-7.0.76-9.el7 (AXSA:2019-4053:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4053:02 advisory. tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources CVE-2018-1304 tomcat: Late...

9.8 CVSS, 7.7 AI score, 0.61177 EPSS
Exploits: 2, References: 5
OSV
added 2018/05/30 5:47 p.m., 2 views

USN-3665-1 tomcat7, tomcat8 vulnerabilities

It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-12616,...

9.8 CVSS, 7.2 AI score, 0.9438 EPSS
Exploits: 28, References: 7