8 matches found

NVD
added 2025/11/25 7:15 p.m., 1 views

CVE-2025-64067

Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This...

CVSS 5.3, EPSS 0.00038
Exploits: 0, References: 2

CVE
added 2025/11/25 12:0 a.m., 8 views

CVE-2025-64067

CVE-2025-64067 affects Primakon Pi Portal 1.0.18 APIs where endpoints that return object-specific or filtered data fail to verify that the requester is authorized for the target data. This enables unauthorized access through: (1) Direct ID manipulation/IDOR by altering identifiers like user_id or...

CVSS 5.3, AI score 6.1, EPSS 0.00038
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2025/02/05 11:30 a.m., 84 views

CVE-2024-49348

CVE-2024-49348 affects IBM Cloud Pak for Business Automation (versions 18.0.0 through 22.0.2). The issue is described as an incorrect privilege assignment that can restrict access to organizational data to valid contexts, with the root cause being that tasks of type comment can be reassigned via ...

CVSS 6.5, AI score 6.7, EPSS 0.00069
Exploits: 0, References: 1, Affected Software: 1

The Hacker News
added 2024/01/17 1:30 p.m., 34 views

This Free Discovery Tool Finds and Mitigates AI-SaaS Risks

Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS...

AI score 6.6
Exploits: 0

Hacker One
added 2023/02/19 3:22 a.m., 25 views

U.S. Dept Of Defense: Email exploitation with web hosting services.

A vulnerability allowed an attacker to send emails to anyone using an organization's email list and to its people by uploading a PHP file to the public HTML. The vulnerability could result in reputation loss, phishing attacks, and the theft of internal information. Mitigation measures were not...

AI score 7
Exploits: 0

CNNVD
added 2022/05/16 12:0 a.m., 2 views

Cybozu Garoon Cross-Site Scripting Vulnerability

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon, which stems from insufficient cleaning of...

CVSS 6.1, AI score 5.8, EPSS 0.00332
Exploits: 0, References: 5

Schneier on Security
added 2020/03/19 11:49 a.m., 34 views

Work-from-Home Security Advice

SANS has made freely available its "Work-from-Home Awareness Kit." When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their home networks and sometimes from their home computers. These...

AI score 0.6
Exploits: 0

Hacker One
added 2019/06/19 4:50 a.m., 91 views

Nextcloud: User with read-only access to a share can gain write access to sub-folders in the share

user0 creates folders /test and /test/sub; user0 creates file /test/sub/file.txt; user0 shares folder /test with user1 with read+share permissions 17; user1 receives the folder /test and can read-download /test/sub/file.txt - good; user1 creates a link share of /test/sub - it has permissions 1...

CVSS 4, AI score 6.8, EPSS 0.00115
Exploits: 0