
23 matches found

NVD
added 2026/03/19 12:16 a.m. | 5 views

CVE-2026-32255

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS 8.6 | EPSS 0.10069
Exploits 0 | References 3
Cvelist
added 2026/03/18 11:11 p.m. | 54 views

CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS 8.6 | EPSS 0.10069
Exploits 0 | References 3
Vulnrichment
added 2026/03/18 11:11 p.m. | 3 views

CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS 8.6 | AI score 5.8 | EPSS 0.10069
Exploits 0 | References 3
OSV
added 2026/03/18 11:11 p.m. | 5 views

CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS 8.6 | AI score 5.8 | EPSS 0.10069
Exploits 0 | References 5
CVE
added 2026/03/18 11:11 p.m. | 28 views

CVE-2026-32255

Kan is vulnerable to unauthenticated SSRF via /api/download/attatchment in versions 0.5.4 and earlier. The endpoint accepts a user-supplied URL query parameter, passes it server-side to fetch(), and returns the full response body without authentication or URL validation. An unauthenticated attack...

CVSS 8.6 | AI score 5.8 | EPSS 0.10069
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2026/03/18 12:00 a.m. | 6 views

PT-2026-26167

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

CVSS 8.6 | AI score 5.8 | EPSS 0.10069
Exploits 0 | References 9
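The six CVE-2026-32255 entries above all describe the same shape: a download endpoint that takes a caller-supplied URL, hands it to server-side fetch without an authentication check or URL validation, and relays the response body. The example below is added here to show that shape and one way to close it; it is not Kan's code (the project is a TypeScript/Next.js application, but plain JavaScript is used so it runs as-is). The allowlisted storage host, the req.user session principal, the request objects and the fakeFetch stand-in are all constructed assumptions for the illustration.

```javascript
// Added example, not Kan's code: the attachment-download SSRF shape from the
// advisory, first in its vulnerable form and then hardened. Host names, the
// allowlist, the request object and the fake fetch are constructed assumptions.

const ALLOWED_ATTACHMENT_HOSTS = new Set(["attachments.example-storage.net"]); // assumed

// Vulnerable shape: no auth check, the raw ?url= value goes straight to fetch
// and whatever the upstream returns is relayed to the caller.
async function downloadAttachmentVulnerable(req, fetchImpl) {
  const target = new URL(req.url, "http://localhost").searchParams.get("url");
  const res = await fetchImpl(target);
  return { status: res.status, body: await res.text() };
}

// True for IPv4 literals a server-side fetcher should never reach: "this
// network", loopback, RFC 1918, CGNAT, link-local (which includes the
// 169.254.169.254 cloud metadata address), multicast and reserved. WHATWG URL
// parsing already normalises forms such as 0x7f000001 or 2130706433 to dotted quads.
function isPrivateOrSpecialIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 100 && b >= 64 && b <= 127) ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    a >= 224
  );
}

// Returns { ok: true, url } or { ok: false, reason }.
function validateAttachmentUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (u.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (u.username || u.password) return { ok: false, reason: "credentials" };
  const host = u.hostname.toLowerCase();
  if (host.startsWith("[")) return { ok: false, reason: "ipv6-literal" }; // URL keeps the brackets
  if (isPrivateOrSpecialIPv4(host)) return { ok: false, reason: "private-ip" };
  if (!ALLOWED_ATTACHMENT_HOSTS.has(host)) return { ok: false, reason: "host-not-allowed" };
  return { ok: true, url: u.toString() };
}

// Synchronous policy decision: who may call this and where it may fetch from.
// req.user is the assumed session principal set by upstream auth middleware.
function authorizeAttachmentRequest(req) {
  if (!req.user) return { status: 401, reason: "unauthenticated" };
  const raw = new URL(req.url, "http://localhost").searchParams.get("url") ?? "";
  const v = validateAttachmentUrl(raw);
  if (!v.ok) return { status: 400, reason: v.reason };
  return { status: 200, url: v.url };
}

// Hardened handler: policy first, then a fetch that refuses to follow redirects,
// since a redirect served by an allowed host could still point at an internal address.
async function downloadAttachmentHardened(req, fetchImpl) {
  const decision = authorizeAttachmentRequest(req);
  if (decision.status !== 200) return { status: decision.status, body: decision.reason };
  const res = await fetchImpl(decision.url, { redirect: "manual" });
  if (res.status >= 300 && res.status < 400) return { status: 502, body: "upstream redirect refused" };
  if (res.status !== 200) return { status: 502, body: "upstream error" };
  return { status: 200, body: await res.text() };
}

// Constructed stand-in for fetch so the example runs offline. Any host other
// than the allowed storage host answers with a "secret", which is exactly what
// the vulnerable handler would hand back to an anonymous caller.
async function fakeFetch(url, _init) {
  const u = new URL(url);
  if (u.hostname === "attachments.example-storage.net") {
    if (u.pathname === "/moved") return { status: 302, text: async () => "" };
    return { status: 200, text: async () => "attachment bytes" };
  }
  return { status: 200, text: async () => `internal secret from ${u.hostname}` };
}

async function demo() {
  const q = (url) => `/api/download/attatchment?url=${encodeURIComponent(url)}`;
  const meta = "http://169.254.169.254/latest/meta-data/";
  const anon = { user: null, url: q(meta) };
  console.log("vulnerable, anonymous:", await downloadAttachmentVulnerable(anon, fakeFetch));
  console.log("hardened, anonymous:", await downloadAttachmentHardened(anon, fakeFetch));
  const user = { user: { id: "u1" }, url: q(meta) };
  console.log("hardened, user, metadata IP:", await downloadAttachmentHardened(user, fakeFetch));
  const good = { user: { id: "u1" }, url: q("https://attachments.example-storage.net/f.png") };
  console.log("hardened, user, allowed host:", await downloadAttachmentHardened(good, fakeFetch));
}

if (typeof module !== "undefined" && require.main === module) demo();
```

The hostname allowlist is the important control; the private-IP check only matters if the allowlist is ever widened to include hosts outside the operator's control. Neither check covers DNS rebinding (an allowed name later resolving to an internal address), so a production fix would additionally resolve the name, re-check the resulting address and pin it for the connection, or route the fetch through an egress proxy that enforces the same policy.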
OSSF Malicious Packages
added 2025/11/12 4:47 p.m. | 2 views

Malicious code in pilka-luniu-kan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0667a7b8231038a76f7d441e3ed542f5d3120266bc415f319ec57df9c03aa7cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0
Openbugbounty
added 2023/08/30 12:16 p.m. | 15 views

kan-bud.com Cross Site Scripting vulnerability OBB-3626723

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0
Openbugbounty
added 2022/07/09 9:07 a.m. | 13 views

kan-bud.de Cross Site Scripting vulnerability OBB-2746631

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Openbugbounty
added 2022/01/04 4:58 p.m. | 10 views

kan-bud.com Cross Site Scripting vulnerability OBB-2323449

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Openbugbounty
added 2018/11/25 4:54 a.m. | 10 views

kan.or.kr XSS vulnerability

Open Bug Bounty ID: OBB-702681. Affected Website: kan.or.kr. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: hidden until disclosure. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: hidden until...

Exploits 0
RedHat Linux
added 2017/03/14 6:03 a.m. | 85 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 10 | AI score 7.1 | EPSS 0.17484
Exploits 8 | References 11
Tenable Nessus
added 2017/03/09 12:00 a.m. | 30 views

RHEL 7 : firefox (RHSA-2017:0461)

The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:0461 advisory. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.0 ESR. Security Fixes: Multiple flaws were found i...

CVSS 10 | AI score 8.2 | EPSS 0.17484
Exploits 8 | References 22
RedHat Linux
added 2017/03/08 3:53 p.m. | 74 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 10 | AI score 7.1 | EPSS 0.17484
Exploits 8 | References 11
Packet Storm
added 2010/11/03 12:00 a.m. | 21 views

Kandidat CMS 1.4.2 Cross Site Scripting

Vulnerability ID: HTB22650 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinkandidatcms2.html Product: Kandidat CMS Vendor: Kan-Studio http://www.kan-studio.ru/ Vulnerable Version: 1.4.2 and probably prior versions Vendor Notification: 19 October 2010...

AI score 7
Exploits 0
0day.today
added 2010/11/03 12:00 a.m. | 16 views

Kandidat CMS 1.4.2 Stored Cross Site Scripting Vulnerability

Exploit for php platform in category web applications. Kandidat CMS 1.4.2 Stored Cross Site Scripting Vulnerability. Product: Kandidat CMS Vendor: Kan-Studio...

AI score 7.1
Exploits 0
securityvulns
added 2010/11/02 12:00 a.m. | 105 views

XSS vulnerability in Kandidat CMS

Vulnerability ID: HTB22650 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinkandidatcms2.html Product: Kandidat CMS Vendor: Kan-Studio http://www.kan-studio.ru/ Vulnerable Version: 1.4.2 and probably prior versions Vendor Notification: 19 October 2010 Vulnerability Type: Stored XSS...

AI score 0.2
Exploits 0
exploitpack
added 2010/11/02 12:00 a.m. | 13 views

Kandidat CMS 1.4.2 - Persistent Cross-Site Scripting

Kandidat CMS 1.4.2 - Persistent Cross-Site Scripting Vulnerability ID: HTB22648 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinkandidatcms.html Product: Kandidat CMS Vendor: Kan-Studio http://www.kan-studio.ru/ Vulnerable Version: 1.4.2 and probably prior versions Vendor Notificatio...

AI score 6.5
Exploits 0
securityvulns
added 2010/11/02 12:00 a.m. | 42 views

XSS vulnerability in Kandidat CMS

Vulnerability ID: HTB22648 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinkandidatcms.html Product: Kandidat CMS Vendor: Kan-Studio http://www.kan-studio.ru/ Vulnerable Version: 1.4.2 and probably prior versions Vendor Notification: 19 October 2010 Vulnerability Type: Stored XSS Cro...

Exploits 0
Exploit DB
added 2010/11/02 12:00 a.m. | 25 views

Kandidat CMS 1.4.2 - Persistent Cross-Site Scripting

Vulnerability ID: HTB22648 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinkandidatcms.html Product: Kandidat CMS Vendor: Kan-Studio http://www.kan-studio.ru/ Vulnerable Version: 1.4.2 and probably prior versions Vendor Notification: 19 October 2010 Vulnerability Type: Stored XSS Cro...

AI score 7
Exploits 0