
7 matches found

Positive Technologies
added 2026/05/09 12:0 a.m. | 7 views

PT-2026-39306

Name of the Vulnerable Software and Affected Versions: GitLab MCP Server versions prior to 0.6.0. Description: The HTTP transport in src/transport.ts lacks an authentication layer and implements a wildcard Access-Control-Allow-Origin: * header on all responses. This allows any cross-origin browser...

9.2 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/05 9:42 p.m. | 8 views

mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint

Summary: The /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCP_ALLOW_ANONYMOUS_ACCESS=true is set (required for the HTTP server to function without OAuth/API key),...

5.3 CVSS | 6 AI score | 0.00025 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/01/15 7:44 p.m. | 5 views

CVE-2026-23746 Entrust Instant Financial Issuance (IFI) SmartCardController Service .NET Remoting RCE

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service registers a TCP remoting...

9.3 CVSS | 7.6 AI score | 0.00411 EPSS
Exploits: 0 | References: 3
Packet Storm
added 2025/12/12 12:0 a.m. | 128 views

EduplusCampus Student Portal 3.0.1 Insecure Direct Object Reference

EduplusCampus Student Portal version 3.0.1 suffers from an insecure direct object reference vulnerability. Title: EduplusCampus student portal v 3.0.1...

6.5 CVSS | 7 AI score | 0.00042 EPSS
Exploits: 3
Positive Technologies
added 2025/12/09 12:0 a.m. | 2 views

PT-2025-50149

Name of the Vulnerable Software and Affected Versions: Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x through 6.10.5 and versions prior to 6.11.1. Description: The software has an insecure .NET Remoting exposure in the Legacy Remoting...

9.3 CVSS | 7.7 AI score | 0.01272 EPSS
Exploits: 0 | References: 6
ATTACKERKB
added 2022/02/19 4:15 a.m. | 3 views

CVE-2022-24979

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR),...

5.3 CVSS | 5.8 AI score | 0.00226 EPSS
Exploits: 0 | References: 3
OSV
added 2022/01/12 8:15 p.m. | 1 views

CVE-2022-23117

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...

7.5 CVSS | 7.1 AI score | 0.00053 EPSS
Exploits: 0 | References: 2