
7 matches found

RedhatCVE, added 2026/06/05 7:30 p.m., 8 views

CVE-2026-42227

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

CVSS 6.5 | AI score 5.4 | EPSS 0.00203
Exploits 0 | References 1
Github Security Blog, added 2026/03/25 9:17 p.m., 5 views

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

Summary: When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will...

CVSS 6.5 | AI score 5.9 | EPSS 0.0033
Exploits 1 | References 6 | Affected Software 1
OSV, added 2025/09/27 1:01 a.m., 3 views

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not a member...

CVSS 8.1 | AI score 6.5 | EPSS 0.00299
Exploits 0 | References 4
Cvelist, added 2025/06/10 11:08 p.m., 29 views

CVE-2025-26521 Apache CloudStack: CKS cluster in project exposes user API keys

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...

EPSS 0.00583
Exploits 0 | References 3
Cvelist, added 2022/08/05 3:12 p.m., 32 views

CVE-2022-2459

An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to preven...

CVSS 2.7 | AI score 4.2 | EPSS 0.00669
Exploits 0 | References 3
BDU FSTEC, added 2021/02/08 12:00 a.m., 5 views

A vulnerability in the jviews-framework-all.jar component of the enterprise-level platform for extracting, transforming, and loading Jviews data allows an attacker to execute arbitrary code.

The vulnerability in the jviews-framework-all.jar component of the enterprise-level platform for extracting, transforming, and loading Jviews data is caused by insufficient access control checks on projects. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

CVSS 10 | AI score 8.2 | EPSS 0.02748
Exploits 0 | References 3 | Affected Software 2
Tenable Nessus, added 2004/09/29 12:00 a.m., 25 views

Debian DSA-153-1 : mantis - cross site code execution and privilege escalation

Joao Gouveia discovered an uninitialized variable that was insecurely used in file inclusions in the mantis package, a PHP-based bug tracking system. The Debian Security Team found even more similar problems. When these are exploited, a remote user is able to execute arbitrary code...

CVSS 10 | AI score 6.2 | EPSS 0.03267
Exploits 1 | References 11