8 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

CVSS 7.1 | AI score 5.5 | EPSS 0.00032
Exploits: 0 | References: 1
OSV
added 2026/05/07 1:49 a.m., 0 views

GHSA-M98R-6667-4WQ7 Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)

Impact: Aegra deployments running 0.9.0 through 0.9.6 with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated user (User A), given another user's thread_id (User B), can: - Execute graph runs against User B's thread via POST /threads/{thread_id}/runs...

CVSS 8.6 | AI score 6.1 | EPSS 0.00014
Exploits: 0 | References: 7
NVD
added 2026/04/30 10:16 p.m., 2 views

CVE-2026-6542

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...

CVSS 8.1 | EPSS 0.00052
Exploits: 0 | References: 1
EUVD
added 2025/11/04 1:15 p.m., 2 views

EUVD-2025-37752

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and 'idsociedad' in '/api/buscarEmpresaById.php'...

CVSS 8.7 | AI score 6.2 | EPSS 0.00048
Exploits: 0 | References: 1
ATTACKERKB
added 2022/09/07 5:15 p.m., 2 views

CVE-2022-36539

WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children...

CVSS 7.5 | AI score 7.1 | EPSS 0.06512
Exploits: 1 | References: 3
CNVD
added 2020/05/23 12:00 a.m., 1 view

Parallel overstepping vulnerability in Liangjing Mall online store shopping system

Liangjing Mall Online Shop Shopping System is a multi-functional online store system suitable for different types of commodities, highly flexible, with three-tier distribution across PC, mobile and micro-site. There is a parallel override vulnerability in LiangJing Mall Online Shop Shopping...

AI score 6.8
Exploits: 0
OSV
added 2018/10/05 2:29 p.m., 2 views

CVE-2018-15405

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly...

CVSS 6.5 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 2
CNVD
added 2017/12/19 12:00 a.m., 1 view

Coremail's Android version suffers from an override access vulnerability.

Coremail Lobbyist Email System for Android is a mobile email app. There is an over-authorized access vulnerability in the "Personal Details" page of Coremail Lonker Mailbox System for Android. It allows attackers to utilize the vulnerability to modify the list field to query the name, cell phone...

AI score 6.6
Exploits: 0