Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2 days ago5 views

CVE-2026-3569

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissionsread permission callback unconditionally returns true via returntrue instead of checking for...

5.3CVSS5.5AI score0.00015EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2 days ago8 views

wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Summary In wasmtime-wasi, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 descriptor.open-at or wasip1 pathopen interfaces by opening a file with...

5.5AI score
Exploits0References7Affected Software1
NVD
NVDadded 2026/05/15 9:16 p.m.6 views

CVE-2026-45387

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may...

4.3CVSS0.00026EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/15 8:32 p.m.4 views

CVE-2026-45387

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may...

4.3CVSS5.8AI score0.00026EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/04/24 7:45 a.m.21 views

CVE-2026-3569 Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissionsread permission callback unconditionally returns true via returntrue instead of checking for...

5.3CVSS0.00015EPSS
Exploits0References8
Cvelist
Cvelistadded 2025/10/29 1:29 p.m.5 views

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

0.0003EPSS
Exploits0References1
OSV
OSVadded 2025/06/27 2:55 p.m.3 views

GHSA-JJ2R-455P-5GVF filebrowser Sets Insecure File Permissions

Summary The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers where the umask configuration has not been hardened before, this makes all the stated fil...

5.5CVSS5.7AI score0.00076EPSS
Exploits1References6
Rows per page
Query Builder