Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Cisco
Ciscoadded 2026/05/20 4:0 p.m.5 views

Cisco Secure Workload Unauthorized API Access Vulnerability

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

10CVSS5.8AI score0.00064EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/18 1:50 p.m.3 views

CVE-2026-41948

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

9.2CVSS5.8AI score0.00079EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/05/18 12:0 a.m.7 views

PT-2026-41675

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.14.2 Description Insufficient URL path sanitization allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API. By using unencoded dot sequences in task identifiers or...

9.2CVSS5.8AI score0.00079EPSS
Exploits1References7
Rows per page
Query Builder