Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2026/06/12 6:27 p.m.9 views

GHSA-9WCP-79G5-5C3C Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators

Summary The /api/v1/users/super endpoint enforces a restriction that only one super user Instance Administrator can be created during initial setup. However, due to a Time-of-Check-Time-of-Use TOCTOU race condition in the signupAndLoginSuper method, concurrent requests can bypass this restriction...

8.1CVSS5.4AI score
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/06/12 6:27 p.m.19 views

Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators

Summary The /api/v1/users/super endpoint enforces a restriction that only one super user Instance Administrator can be created during initial setup. However, due to a Time-of-Check-Time-of-Use TOCTOU race condition in the signupAndLoginSuper method, concurrent requests can bypass this restriction...

5.3AI score
Exploits0References3Affected Software1
Veracode
Veracodeadded 2026/03/17 8:44 a.m.8 views

Remote Code Execution (RCE)

com.liferay, com.liferay.object.service is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper restriction on the use of Groovy scripts in Object actions, which allows authenticated admin users with the Instance Administrator role to execute arbitrary Groovy scripts and...

7.5CVSS6.5AI score0.00389EPSS
Exploits0References5Affected Software1
Snyk
Snykadded 2025/12/12 9:31 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

7.5CVSS7.3AI score0.00389EPSS
Exploits0References2
Snyk
Snykadded 2025/12/12 9:31 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

7.5CVSS7.5AI score0.00389EPSS
Exploits0References2
Snyk
Snykadded 2025/12/12 9:31 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

7.5CVSS7.3AI score0.00389EPSS
Exploits0References2
NVD
NVDadded 2021/11/04 11:15 p.m.16 views

CVE-2021-39903

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings...

6.5CVSS0.01098EPSS
Exploits0References3
Rows per page
Query Builder