8 matches found

EUVD
added 3 hours ago · 6 views

EUVD-2026-34331

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

CVSS 7.1 · AI score 5.8
Exploits: 0 · References: 4

CVE
added yesterday · 8 views

CVE-2026-50076

CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...

CVSS 9.1 · AI score 5.8
Exploits: 0 · References: 2

Positive Technologies
added yesterday · 7 views

PT-2026-46269

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

CVSS 9.1 · AI score 5.8
Exploits: 0 · References: 3

CVE
added 2025/10/22 4:30 p.m. · 5 views

CVE-2025-22172

CVE-2025-22172 affects Atlassian Jira Align. The issue is an authorization flaw that lets a low-privilege user access unexpected endpoints and disclose a small amount of sensitive information, exemplified by reading external reports without required permission. The description and connected sourc...

CVSS 5.3 · AI score 6.3 · EPSS 0.00037
Exploits: 0 · References: 1 · Affected Software: 1

PyPA
added 2022/06/27 6:15 p.m. · 4 views

PYSEC-2022-222

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

CVSS 7.5 · AI score 7 · EPSS 0.06109
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/06/27 12:0 a.m. · 2 views

PT-2022-17890 · Systemd · Systemd

Name of the Vulnerable Software and Affected Versions: SystemDS versions prior to 2.2.1 Description: The termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. SystemDS is a distributed system and needs to...

CVSS 8.7 · AI score 7.4 · EPSS 0.06109
Exploits: 0 · References: 9

OSV
added 2020/03/18 7:15 p.m. · 0 views

CVE-2019-12365

The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 3

OSV
added 2017/01/13 9:59 a.m. · 1 views

CVE-2016-10135

An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...

CVSS 5.5 · AI score 5.8 · EPSS 0.00226
Exploits: 0 · References: 2