Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2026/03/26 3:10 p.m.0 views

CVE-2026-32810

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

5.5CVSS5.8AI score0.00005EPSS
Exploits1References1
Github Security Blog
Github Security Blogadded 2026/03/03 10:25 p.m.9 views

OpenClaw has multiple E2E/test Dockerfiles that run all processes as root

Three Dockerfiles in scripts/docker/ and scripts/e2e/ lack a USER directive, meaning all processes run as uid 0 root. If any process is compromised, the attacker has root inside the container, making container breakout significantly easier. Partial fix 2026-02-08: Commit 28e1a65e added USER sandb...

6AI score
Exploits0References3Affected Software1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-23669

Malicious code in bioql PyPI...

9.1CVSS6.5AI score0.0035EPSS
Exploits0References3
NVD
NVDadded 2025/10/03 4:16 p.m.2 views

CVE-2025-34226

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

7.1CVSS0.00178EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/09/12 5:37 p.m.11 views

CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker...

9.8CVSS0.32362EPSS
Exploits13References2
RedhatCVE
RedhatCVEadded 2025/08/07 11:32 p.m.2 views

CVE-2025-54594

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

9.1CVSS6.6AI score0.0035EPSS
Exploits0References1
NVD
NVDadded 2025/08/06 12:15 a.m.2 views

CVE-2025-54594

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

9.1CVSS0.0035EPSS
Exploits0References3
OSV
OSVadded 2025/08/05 11:31 p.m.3 views

CVE-2025-54594 react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pullrequesttarget event trigger, which allowed for untrusted code from a forked pull request to...

9.1CVSS7.2AI score0.0035EPSS
Exploits0References5
Rows per page
Query Builder