21399 matches found

OSV
added 2026/05/17 6:26 p.m., 5 views

MINI-GMR9-9QJ8-Q7PG

Bulletin has no description...

CVSS 6.5 | AI score 6.7 | EPSS 0.00023
Exploits 0

OSV
added 2026/05/17 12:33 p.m., 2 views

MINI-XV97-6F42-M547

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.00021
Exploits 0

OSV
added 2026/05/17 12:33 p.m., 1 views

MINI-V646-454J-MFWC

Bulletin has no description...

CVSS 7.1 | AI score 5.7 | EPSS 0.00006
Exploits 0

OSV
added 2026/05/17 12:32 p.m., 1 views

MINI-JWF3-38WQ-VRJP

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00018
Exploits 0

OSV
added 2026/05/17 12:18 p.m., 0 views

MINI-MGXJ-7546-CXHQ

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00018
Exploits 0

OSV
added 2026/05/16 9:30 p.m., 2 views

MINI-5R3H-V7V6-V8FQ

Bulletin has no description...

CVSS 7.8 | AI score 5.7 | EPSS 0.00005
Exploits 1

OSV
added 2026/05/16 8:30 p.m., 1 views

MINI-4624-8HPG-RCJ5

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.00016
Exploits 1

OSV
added 2026/05/16 8:15 p.m., 0 views

MINI-767R-9MHJ-HRPP

Bulletin has no description...

CVSS 5.3 | AI score 6.3 | EPSS 0.00017
Exploits 0

OSV
added 2026/05/16 7:45 p.m., 1 views

MINI-M4RQ-GH8P-22G5

Bulletin has no description...

CVSS 5.3 | AI score 6.7 | EPSS 0.00028
Exploits 0

OSV
added 2026/05/16 3:16 p.m., 3 views

MINI-7H2P-GJ9F-4VP9

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.00078
Exploits 0

OSV
added 2026/05/16 3:15 p.m., 1 views

MINI-2QC4-M2QW-8HC6

Bulletin has no description...

CVSS 5.3 | AI score 5.7 | EPSS 0.0003
Exploits 0

Veracode
added 2026/05/16 5:48 a.m., 11 views

Improper Access Control

getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...

CVSS 8.8 | AI score 5.8 | EPSS 0.00046
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2026/05/16 5:22 a.m., 8 views

Server-Side Request Forgery (SSRF)

FrontMCP is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to unsafe dereferencing of $ref pointers in OpenAPI specifications without URL restrictions, which allows an attacker to trigger requests to internal network resources or read local files through malicious OpenAP...

CVSS 7.5 | AI score 5.8 | EPSS 0.00061
Exploits 1 | References 3 | Affected Software 3

RedhatCVE
added 2026/05/16 1:57 a.m., 8 views

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, shared instances with multiple authenticated users are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

CVSS 8.6 | AI score 6 | EPSS 0.00014
Exploits 0 | References 1

Circl
added 2026/05/15 9:55 p.m., 7 views

CVE-2026-44551

creationtimestamp | type | source
---|---|---
2026-05-15 21:55:17+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mlwd4e4gaz2f
2026-05-16 11:01:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlxozn5c3m2n
2026-05-18 20:07:20+00:00 | seen | ...

CVSS 9.1 | AI score 5.7 | EPSS 0.02638
Exploits 1 | References 4

NVD
added 2026/05/15 9:16 p.m., 7 views

CVE-2026-45385

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

CVSS 4.3 | EPSS 0.00036
Exploits 1 | References 1

Cvelist
added 2026/05/15 9:7 p.m., 27 views

CVE-2026-45666 Open WebUI: Indirect Object Reference (IDOR) in user notes

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...

CVSS 6.5 | EPSS 0.00033
Exploits 1 | References 1

Vulnrichment
added 2026/05/15 9:7 p.m., 7 views

CVE-2026-45666 Open WebUI: Indirect Object Reference (IDOR) in user notes

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...

CVSS 6.5 | AI score 5.8 | EPSS 0.00033
Exploits 1 | References 1

CVE
added 2026/05/15 9:7 p.m., 8 views

CVE-2026-45666

CVE-2026-45666 — Open WebUI IDOR in notes endpoint: The API /api/v1/notes/{note_id} allowed authenticated users to read other users’ notes by guessing UUIDs prior to version 0.8.11, enabling unauthorized data disclosure. The issue is fixed in 0.8.11; per-id endpoints now enforce ownership (admin...

CVSS 6.5 | AI score 5.8 | EPSS 0.00033
Exploits 1 | References 1 | Affected Software 1

OSV
added 2026/05/15 8:33 p.m., 0 views

CGA-9FP4-3R9W-7WGX

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00063
Exploits 0