Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2026/04/21 9:16 p.m.2 views

CVE-2026-40925

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

8.3CVSS0.00028EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/03/20 4:8 p.m.4 views

CVE-2026-22731

A flaw was found in Spring Boot. This vulnerability, an authentication bypass, occurs when an application endpoint requiring authentication is declared under a specific path already configured for a Health Group additional path. A remote attacker could exploit this to bypass authentication,...

8.2CVSS5.8AI score0.00036EPSS
Exploits0References4
NVD
NVDadded 2026/02/10 6:15 a.m.3 views

CVE-2026-0996

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS0.00017EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/02/10 5:29 a.m.2 views

CVE-2026-0996 Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS5.9AI score0.00017EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/02/10 5:29 a.m.4 views

CVE-2026-0996

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS5.6AI score0.00017EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/02/10 12:0 a.m.2 views

PT-2026-7232

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS5.9AI score0.00017EPSS
Exploits0References7
GithubExploit
GithubExploitadded 2025/08/27 11:39 a.m.176 views

Exploit for CVE-2024-28397

CodeTwoRCEExploit This script incorporates authentication to a...

5.3CVSS8.8AI score0.59353EPSS
Exploits22
CNNVD
CNNVDadded 2021/12/09 12:0 a.m.2 views

Flask-AppBuilder 授权问题漏洞

Flask-AppBuilder is a simple and fast application development framework. An authorization issue vulnerability exists in versions of Flask-AppBuilder prior to 3.3.4 that allows a malicious actor to successfully authenticate and gain access to an existing protected REST API endpoint via a crafted...

8.8CVSS7.9AI score0.00328EPSS
Exploits0References4
Rows per page
Query Builder