
7 matches found

RedhatCVE
added 2026/06/05 7:36 p.m. · 8 views

CVE-2026-41160

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business-logic Broken Access Control flaw (observed in EspoCRM 9.3.3) allows low-privileged users to pin arbitrary notes without having the required edit permission for the parent object. Due to a "write first,...

CVSS 4.3 · AI score 5.8 · EPSS 0.00292
Exploits 0 · References 1
ATTACKERKB
added 2026/05/28 4:24 p.m. · 6 views

CVE-2026-41160

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business-logic Broken Access Control flaw (observed in EspoCRM 9.3.3) allows low-privileged users to pin arbitrary notes without having the required edit permission for the parent object. Due to a "write first,...

CVSS 4.3 · AI score 6 · EPSS 0.00292
Exploits 0 · References 2 · Affected Software 1
CVE
added 2026/05/28 4:24 p.m. · 13 views

CVE-2026-41160

CVE-2026-41160 describes a Broken Access Control (IDOR) in EspoCRM prior to 9.3.5 where low-privilege users could pin notes without proper edit permissions due to a write-first, authorize-later flaw in the POST /api/v1/Note/{id}/pin path. The root cause is in application/Espo/Tools/Stream/Api/Pos...

CVSS 4.3 · AI score 6 · EPSS 0.00292
Exploits 0 · References 1
CNNVD
added 2026/05/15 12:00 a.m. · 6 views

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted open source WebUI. Versions of Open WebUI prior to 0.9.3 contain a security vulnerability that stems from the POST /api/v1/notes/id/pin endpoint performing a write operation while checking only read...

CVSS 3.5 · AI score 5.8 · EPSS 0.00218
Exploits 1 · References 2
Positive Technologies
added 2026/05/14 12:00 a.m. · 13 views

PT-2026-41169

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.3. Description: The "POST /api/v1/notes/id/pin" endpoint performs a write operation by toggling the is pinned field but incorrectly validates only read permission. This allows users who have read-only access ...

CVSS 3.5 · AI score 5.8 · EPSS 0.00218
Exploits 1 · References 7
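Both pin-endpoint entries above (CVE-2026-41160 in EspoCRM and the Open WebUI pin endpoint) describe the same shape of flaw: a handler mutates state after checking only read permission, or writes before authorizing at all. The following is an added illustration, not code from EspoCRM, Open WebUI, or any of the advisory sources; every name in it (User, Note, can_read, can_edit, pin_note_*) is a hypothetical stand-in. It shows the two broken orderings beside a handler that authorizes the write before touching the record.

```python
"""Added example, not project code: a toy note store with three pin handlers.
All types and helpers here are hypothetical stand-ins for an application's
own models and ACL layer."""
from dataclasses import dataclass, field


@dataclass
class User:
    id: str


@dataclass
class Note:
    id: str
    owner_id: str
    is_pinned: bool = False
    shared_with: set = field(default_factory=set)  # users with read-only access


class PermissionDenied(Exception):
    """Maps to an HTTP 403 in a real handler."""


def can_read(user, note):
    return user.id == note.owner_id or user.id in note.shared_with


def can_edit(user, note):
    # Pinning is a write on the note, so it must require edit rights (owner only here).
    return user.id == note.owner_id


def pin_note_read_check_only(user, notes, note_id):
    """Flawed: guards a write with a read check (the Open WebUI pattern above)."""
    note = notes[note_id]
    if not can_read(user, note):
        raise PermissionDenied("read")
    note.is_pinned = not note.is_pinned
    return note.is_pinned


def pin_note_write_first(user, notes, note_id):
    """Flawed: mutates the record, then authorizes. The caller gets a 403,
    but the toggle has already been persisted (the 'write first' pattern)."""
    note = notes[note_id]
    note.is_pinned = not note.is_pinned
    if not can_edit(user, note):
        raise PermissionDenied("edit")
    return note.is_pinned


def pin_note_fixed(user, notes, note_id):
    """Hardened: resolve, authorize the write, and only then mutate."""
    note = notes.get(note_id)
    if note is None or not can_read(user, note):
        # Same error for missing and unreadable notes avoids ID enumeration.
        raise PermissionDenied("read")
    if not can_edit(user, note):
        raise PermissionDenied("edit")
    note.is_pinned = not note.is_pinned
    return note.is_pinned


def demo():
    """Constructed scenario: bob can read alice's note but must not pin it."""
    alice, bob = User("alice"), User("bob")
    results = {}

    notes = {"n1": Note("n1", "alice", shared_with={"bob"})}
    results["read_check_only"] = pin_note_read_check_only(bob, notes, "n1")

    notes = {"n1": Note("n1", "alice", shared_with={"bob"})}
    try:
        pin_note_write_first(bob, notes, "n1")
    except PermissionDenied:
        pass
    results["write_first_persisted"] = notes["n1"].is_pinned

    notes = {"n1": Note("n1", "alice", shared_with={"bob"})}
    try:
        pin_note_fixed(bob, notes, "n1")
        results["fixed_viewer"] = "allowed"
    except PermissionDenied as exc:
        results["fixed_viewer"] = str(exc)
    results["fixed_viewer_persisted"] = notes["n1"].is_pinned
    results["fixed_owner"] = pin_note_fixed(alice, notes, "n1")
    return results


if __name__ == "__main__":
    print(demo())
```

The check a reviewer should look for is the one the fixed handler makes explicit: the permission predicate must match the operation (edit for a write), and it must run before any persistence call, since a 403 returned after the row has been updated is still a successful unauthorized write.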
Positive Technologies
added 2024/12/29 12:00 a.m. · 4 views

PT-2025-3480 · D Link · D-Link Dir-825

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 REVB version 2.03. Description: The issue concerns an OS command injection vulnerability in the CGI interface apc client pin.cgi, which allows remote attackers to execute arbitrary commands via the wps pin parameter passed to th...

CVSS 9.8 · AI score 9.9 · EPSS 0.01175
Exploits 0 · References 9
CNNVD
added 2024/05/14 12:00 a.m. · 3 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from a pin endpoi...

CVSS 6.5 · AI score 6.5 · EPSS 0.33301
Exploits 0 · References 4