Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Vulnrichment
Vulnrichmentadded 2026/03/24 3:2 p.m.2 views

CVE-2026-33334 Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00179EPSS
Exploits0References2
SUSE CVE
SUSE CVEadded 2024/11/02 3:49 a.m.1 views

SUSE CVE-2024-48909

SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of...

2.4CVSS6.9AI score0.00114EPSS
Exploits0References5
Veracode
Veracodeadded 2024/10/21 11:28 a.m.3 views

Privilege Escalation

github.com/authzed/spicedb is vulnerable to Privilege Escalation. The vulnerability is due to a bug in the LookupResources2 feature, where requests with caveats in the evaluation path may return a CONDITIONAL permissionship with missing context, even when the context was provided...

2.4CVSS6.5AI score0.00114EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2024/10/15 3:42 p.m.4 views

GO-2024-3200 SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not in github.com/authzed/spicedb

SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not in github.com/authzed/spicedb...

2.4CVSS3.8AI score0.00114EPSS
Exploits0References3
NVD
NVDadded 2024/10/14 9:15 p.m.14 views

CVE-2024-48909

SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of...

2.4CVSS0.00114EPSS
Exploits0References2
CVE
CVEadded 2024/10/14 8:22 p.m.85 views

CVE-2024-48909

Technical details for CVE-2024-48909 are not publicly available in the provided documents; monitor for updates.

2.4CVSS3.3AI score0.00114EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linuxadded 2020/03/23 8:21 a.m.3 views

jetty: error path information disclosure

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

5.3CVSS7.2AI score0.0336EPSS
Exploits0References4
Rows per page
Query Builder