Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Positive Technologies
Positive Technologiesadded 2026/05/20 12:0 a.m.13 views

PT-2026-42115

Name of the Vulnerable Software and Affected Versions Anomify AI – Anomaly Detection and Alerting versions prior to 0.3.7 Description The plugin is subject to Cross-Site Request Forgery CSRF which can lead to Stored Cross-Site Scripting XSS. The issue stems from missing nonce verification on the...

4.3CVSS6AI score0.00168EPSS
Exploits0References10
Snyk
Snykadded 2026/03/26 7:51 p.m.4 views

Protection Mechanism Failure

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Protection Mechanism Failure due to inconsistent sanitization of host environment override keys in the host-env-security.ts process. An attacker can bypass environment policy restrictions...

8.8CVSS5.9AI score0.00479EPSS
Exploits0References3
OSV
OSVadded 2026/03/13 8:51 p.m.6 views

GHSA-PFJJ-6F4P-RVMH Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

Impact A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...

9.9CVSS6AI score0.00512EPSS
Exploits0References3
EUVD
EUVDadded 2026/03/13 8:51 p.m.5 views

EUVD-2026-12135

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization...

9.9CVSS5.8AI score0.00512EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/13 8:29 p.m.6 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS5.9AI score0.00512EPSS
Exploits0References1
CVE
CVEadded 2026/03/13 8:29 p.m.43 views

CVE-2026-32621

CVE-2026-32621 affects Apollo Federation’s gateway, with a root cause in query plan execution leading to possible pollution of Object.prototype. The advisory and CVE entry indicate the issue exists prior to fixes in versions 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, involving either crafted oper...

9.9CVSS5.9AI score0.00512EPSS
Exploits0References1
CVE
CVEadded 2025/11/24 2:40 p.m.24 views

CVE-2025-12977

Fluent Bit vulnerability CVE-2025-12977 affects the in_http, in_splunk, and in_elasticsearch input plugins. The root cause is improper sanitization of tag_key inputs, allowing special characters (e.g., newlines, ../) to be treated as valid tags. This can lead to newline injection, path traversal,...

9.1CVSS6.6AI score0.00608EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2022/02/16 5:15 p.m.13 views

CVE-2021-23682

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...

9.8CVSS9.4AI score
Exploits0References6
Rows per page
Query Builder