
9 matches found

Positive Technologies
added 2025/11/04 12:0 a.m., 3 views

PT-2025-45001

Name of the Vulnerable Software and Affected Versions: CanalDenuncia.app (affected versions not specified). Description: A lack of authorization exists in CanalDenuncia.app, potentially allowing an attacker to access other users' information. This is achieved by sending a POST request through the web...

8.7 CVSS, 6.4 AI score, 0.00048 EPSS
Exploits 0, References 3
EUVD
added 2025/10/16 6:22 p.m., 8 views

EUVD-2024-55037

Strapi Allows Unauthorized Access to Private Fields via parms.lookup...

8.2 CVSS, 6.4 AI score, 0.00023 EPSS
Exploits 1, References 3
Cvelist
added 2025/10/16 4:7 p.m., 6 views

CVE-2024-56143 Strapi Allows Unauthorized Access to Private Fields via parms.lookup

Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset...

8.2 CVSS, 0.00023 EPSS
Exploits 1, References 2
OSV
added 2025/10/16 4:7 p.m., 4 views

CVE-2024-56143 Strapi Allows Unauthorized Access to Private Fields via parms.lookup

Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset...

8.2 CVSS, 6.8 AI score, 0.00023 EPSS
Exploits 1, References 4
Vulnrichment
added 2025/10/16 4:7 p.m., 2 views

CVE-2024-56143 Strapi Allows Unauthorized Access to Private Fields via parms.lookup

Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset...

8.2 CVSS, 6.4 AI score, 0.00023 EPSS
Exploits 1, References 2
CVE
added 2025/10/16 4:7 p.m., 17 views

CVE-2024-56143

Strapi 5.0.0–5.5.1 is vulnerable due to improper sanitization of the document service lookup operator for private fields, enabling an attacker to access sensitive data (e.g., admin passwords, reset tokens). The issue is fixed in Strapi 5.5.2. Affected software, root cause, and impact are corrobor...

8.2 CVSS, 6.4 AI score, 0.00023 EPSS
Exploits 1, References 2, Affected Software 1
Prion
added 2009/09/11 8:30 p.m., 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php...

4.3 CVSS, 6.1 AI score, 0.0278 EPSS
Exploits 1, References 5, Affected Software 1
NVD
added 2009/09/11 8:30 p.m., 11 views

CVE-2009-3171

Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php...

4.3 CVSS, 5.8 AI score, 0.0278 EPSS
Exploits 1, References 5
Cvelist
added 2009/09/11 8:0 p.m., 14 views

CVE-2009-3171

Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php...

5.8 AI score, 0.0278 EPSS
Exploits 1, References 5