
7 matches found

Cvelist
added 2026/03/31 10:10 a.m. · 24 views

CVE-2026-4399 Multiple vulnerabilities in 1millionbot Millie chatbot

Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques, formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...

CVSS 8.7 · EPSS 0.00061
Exploits: 0 · References: 1
OSV
added 2026/03/20 11:16 p.m. · 2 views

DEBIAN-CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVSS 9.8 · AI score 5.8 · EPSS 0.0007
Exploits: 1 · References: 1
ATTACKERKB
added 2026/02/09 6:36 p.m. · 2 views

CVE-2026-1486

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer) retrieves the IdP configuration but does not filter...

CVSS 8.8 · AI score 5.6 · EPSS 0.00025
Exploits: 0 · References: 5
Snyk
added 2025/08/28 7:36 p.m. · 1 views

Use of a Key Past its Expiration Date

Overview: Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to improper enforcement of OIDC token expiry in the authentication process when no refresh token is provided. An attacker can maintain unauthorized access to the service by continuously using a...

CVSS 4.2 · AI score 7
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/09 12:0 a.m. · 3 views

PT-2025-32439 · Linlinjava · Litemall

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0
Description: A critical issue exists in linlinjava litemall up to version 1.8.0 related to path traversal. The delete function within the File Handler component, located at the /admin/storage/delete AP...

CVSS 5.5 · AI score 7 · EPSS 0.00295
Exploits: 1 · References: 11
Huntr
added 2021/05/23 12:55 p.m. · 21 views

Improper Access Control in bramp/myip

✍️ Description: A Google Maps API key that is enabled without proper referer restrictions is found in your repo. It can be embedded in anyone's website and, if the billing account is active, it will incur charges on your account. If Google Maps is not used in your project, then all the following APIs should...

Exploits: 0
ATTACKERKB
added 2011/09/29 12:55 a.m. · 2 views

CVE-2011-3001

Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an...

CVSS 4.3 · AI score 5.4 · EPSS 0.00201
Exploits: 0 · References: 11