
8 matches found

Cvelist
added 2026/03/26 5:19 p.m. · 20 views

CVE-2026-33490 h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

H3 is a minimal HTTP framework. In versions 2.0.0-0 through 2.0.1-rc.16, the `mount` method in h3 uses a simple `startsWith` check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary, i.e., that the next...

CVSS 3.7 · EPSS 0.00022
Exploits: 1 · References: 1
NVD
added 2025/10/15 5:16 p.m. · 1 views

CVE-2025-62378

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

CVSS 6.1 · EPSS 0.00018
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-2308

Malicious code in bioql PyPI...

CVSS 10 · AI score 6.5 · EPSS 0.00334
Exploits: 0 · References: 5
RedhatCVE
added 2025/05/23 1:43 a.m. · 6 views

CVE-2023-20797

In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582...

CVSS 6.7 · AI score 7.1 · EPSS 0.00026
Exploits: 0 · References: 1
CVE
added 2025/03/03 4:40 p.m. · 85 views

CVE-2025-25302

Rembg (versions 2.0.57 and earlier) is reported to have a CORS misconfiguration where the CORS middleware reflects all origins and allow_credentials is set to True. This combination effectively enables cross-origin requests from any site and could allow authenticated cross-site requests to the re...

CVSS 8.7 · AI score 6.8 · EPSS 0.00042
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/07/02 12:0 a.m. · 3 views

PT-2025-32214 · Unknown · Middleware

Name of the Vulnerable Software and Affected Versions: Middleware (affected versions not specified)

Description: The middleware experiences excessive heap allocations when handling malicious preflight requests containing a large number of commas within the Access-Control-Request-Headers (ACRH) header...

CVSS 7.5 · AI score 6.1 · EPSS 0.00378
Exploits: 0 · References: 17
Vulnrichment
added 2022/05/25 12:0 a.m. · 2 views

CVE-2022-29248 Cross-domain cookie leakage in Guzzle

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

CVSS 8 · AI score 8.1 · EPSS 0.00637
Exploits: 0 · References: 5
PyPA
added 2019/12/10 3:15 p.m. · 4 views

PYSEC-2019-161

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...

CVSS 9.8 · AI score 7 · EPSS 0.00826
Exploits: 1 · References: 10 · Affected Software: 1