
8 matches found

Cvelist
added 2026/05/28 12:16 p.m. | 24 views

CVE-2026-9818

...

Exploits: 0

Positive Technologies
added 2026/05/28 12:0 a.m. | 9 views

PT-2026-44369

Roundcube's HTML sanitization path for message rendering allows loopback, localhost, RFC1918, link-local, and ULA URLs even when remote content loading is disabled. A remote attacker can send an HTML email that causes the victim's browser to issue requests to local or private-network services...

4.7 CVSS | 5.8 AI score
Exploits: 0 | References: 6

RedhatCVE
added 2026/05/08 8:21 p.m. | 7 views

CVE-2026-41654

Weblate is a web-based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

8.1 CVSS | 5.7 AI score | 0.00371 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/03/30 3:32 p.m. | 0 views

EUVD-2026-17084

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7 CVSS | 5.8 AI score | 0.00287 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/22 1:28 a.m. | 4 views

CVE-2026-27170

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

7.1 CVSS | 5.4 AI score | 0.00181 EPSS
Exploits: 0 | References: 1

OSV
added 2026/01/28 7:30 p.m. | 5 views

CVE-2025-69218 Discourse moderators can access admin-only reports exposing private upload URLs

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the topuploads admin report which should be restricted to admins only. This report displays direct URLs to all uploaded files on the site, including sensitive...

7.1 CVSS | 5.9 AI score | 0.00201 EPSS
Exploits: 0 | References: 3

CNNVD
added 2022/10/10 12:0 a.m. | 5 views

Slack Morphism Security Vulnerability

Slack Morphism is a modern asynchronous client library for Rust that supports Slack Web, Events API, Socket Mode, and Block Kit. Versions prior to Slack Morphism 1.3.2 have an information disclosure vulnerability that stems from insufficient protection of sensitive information in the application,...

7.5 CVSS | 6.1 AI score | 0.00657 EPSS
Exploits: 0 | References: 3

ThreatPost
added 2016/08/01 9:0 a.m. | 18 views

New HTTPS URL Leakage Attack Leaves PCs, Macs, Linux Systems Vulnerable

LAS VEGAS — Researchers have found flaws in the Web Proxy AutoDiscovery protocol tied to DHCP and DNS servers that allow hackers to spy on HTTPS-protected URLs and launch a myriad of different malicious attacks against Linux, Windows or Mac computers. According to the security firm SafeBreach, this...

0.4 AI score
Exploits: 0 | References: 3