
8 matches found

NVD
added 2026/04/10 5:17 p.m. | 1 view

CVE-2026-35596

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, description...

CVSS 4.3 | EPSS 0.00033
Exploits: 1 | References: 4
Github Security Blog
added 2026/04/10 3:33 p.m. | 3 views

Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug

Summary: The hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, descriptions, colors, and creator information are exposed. Details: The access contr...

CVSS 4.3 | AI score 5.9 | EPSS 0.00033
Exploits: 1 | References: 5 | Affected Software: 1
Github Security Blog
added 2026/03/18 7:48 p.m. | 5 views

ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware

Summary: The bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...

CVSS 8.1 | AI score 5.9 | EPSS 0.0013
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2026/02/04 12:0 a.m. | 7 views

SUSE SLES16 Security Update : glibc (SUSE-SU-2026:20198-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20198-1 advisory. Security fixes:
- CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282.
- CVE-2026-0861: Fixed inadequate size...

CVSS 8.4 | AI score 5.8 | EPSS 0.0009
Exploits: 1 | References: 14
RedhatCVE
added 2025/05/23 10:26 a.m. | 8 views

CVE-2024-41434

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component Column.GetDecimal. This allows attackers to cause a Denial of Service DoS via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the retu...

CVSS 4.3 | AI score 7.8 | EPSS 0.001
Exploits: 1 | References: 1
Amazon
added 2023/12/04 12:0 a.m. | 2 views

Important: php

Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect state...

CVSS 9.8 | AI score 8.2 | EPSS 0.01479
Exploits: 3
CNVD
added 2018/07/30 12:0 a.m. | 2 views

cloudwu PBC Reuse After Release Vulnerability

cloudwu PBC is a C-based Google protocol buffer library. A post-release reuse vulnerability in the 'pbcMspquery' function in the map.c file of the libpbc.a static link library in cloudwu PBC 2017-03-02 and earlier versions can be exploited by an attacker to cause a denial of service crash...

CVSS 9.8 | AI score 9.2 | EPSS 0.00483
Exploits: 0 | References: 1
OSV
added 2010/12/06 1:44 p.m. | 2 views

DEBIAN-CVE-2010-3615

named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism...

CVSS 5 | AI score 7.9 | EPSS 0.0529
Exploits: 0 | References: 1