Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Vulnrichment
Vulnrichmentadded 2026/05/22 7:50 a.m.4 views

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00878EPSS
Exploits0References8
CVE
CVEadded 2026/05/22 7:50 a.m.13 views

CVE-2026-7798

The CVE-2026-7798 entry concerns the FluentCRM WordPress plugin (versions up to and including 2.9.87). A Blind Server-Side Request Forgery exists via the SubscribeURL parameter, enabling unauthenticated actors to make web requests from the application to internal/internal-facing targets and poten...

5.4CVSS5.8AI score0.00878EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.5 views

PT-2026-39960

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints gwd-backup.php and gwd-logs.php not verifying authentication when the API key has not been...

4.8CVSS6.5AI score0.00114EPSS
Exploits0References4
Snyk
Snykadded 2026/05/08 4:32 p.m.5 views

Missing Authentication for Critical Function

Overview gmaps-mcp is a MCP server for Google Maps — places search, directions, geocoding. Works with Claude Desktop, Cursor, Claude Code. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the HTTP authentication process. An attacker can make...

8.3CVSS5.8AI score
Exploits0References2
EUVD
EUVDadded 2026/04/17 9:31 p.m.0 views

EUVD-2026-23464

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00196EPSS
Exploits1References4
NVD
NVDadded 2026/04/17 7:16 p.m.1 views

CVE-2026-40525

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS0.00196EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/01/21 8:22 p.m.3 views

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

6.5CVSS5.4AI score0.0005EPSS
Exploits0References1
NVD
NVDadded 2026/01/20 8:16 p.m.3 views

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

6.5CVSS0.0005EPSS
Exploits0References4
Rows per page
Query Builder