Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6758 matches found

NVD
NVDadded yesterday2 views

CVE-2026-41032

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

7.5CVSS0.00031EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded yesterday2 views

CVE-2026-41032

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

7.5CVSS5.8AI score0.00031EPSS
Exploits0References3Affected Software4
EUVD
EUVDadded yesterday4 views

EUVD-2026-34070

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

7.5CVSS5.8AI score0.00031EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded yesterday3 views

CVE-2026-41032 Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

7.5CVSS5.8AI score0.00031EPSS
Exploits0References2
CVE
CVEadded yesterday6 views

CVE-2026-41032

The CVE-2026-41032 entry concerns Phoenix Contact CHARX SEC-3xxx charging controller firmware. Affected component: firmware on CHARX SEC-3xxx charging controllers. Vulnerability: an unauthenticated adjacent attacker can download log files from the controller, potentially exposing restricted infor...

7.5CVSS5.8AI score0.00031EPSS
Exploits0References2
Nuclei
Nucleiadded yesterday22 views

CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

9.8CVSS7.7AI score0.8916EPSS
Exploits1References2
Nuclei
Nucleiadded yesterday7 views

Chef Automate < 4.13.295 — SQL Injection

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. id: CVE-2025-8868 info...

9.8CVSS5.9AI score0.19853EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded yesterday2 views

PT-2026-45912

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

7.5CVSS5.8AI score0.00031EPSS
Exploits0References3
EUVD
EUVDadded 2 days ago4 views

EUVD-2026-33982

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

5.3CVSS5.9AI score0.00042EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2 days ago5 views

CVE-2026-35447

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

5.3CVSS5.9AI score0.00042EPSS
Exploits0References2
NVD
NVDadded 2 days ago10 views

CVE-2026-7198

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations...

9.8CVSS0.00084EPSS
Exploits0References1
Cvelist
Cvelistadded 2 days ago29 views

CVE-2026-7198 CWE-284: Improper Access Control in web services in Progress Sitefinity

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations...

9.8CVSS0.00084EPSS
Exploits0References1
EUVD
EUVDadded 2 days ago5 views

EUVD-2026-33919

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations...

10CVSS5.8AI score0.00084EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2 days ago7 views

PT-2026-45801

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

5.3CVSS5.9AI score0.00042EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2 days ago6 views

PT-2026-45719

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

5.3CVSS5.8AI score0.00028EPSS
Exploits0References2
NVD
NVDadded 3 days ago5 views

CVE-2026-45275

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

6.5CVSS0.00022EPSS
Exploits0References3
NVD
NVDadded 3 days ago8 views

CVE-2026-42679

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...

6.5CVSS0.00043EPSS
Exploits0References1
EUVD
EUVDadded 3 days ago5 views

EUVD-2026-33650

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS5.8AI score0.00034EPSS
Exploits0References1
EUVD
EUVDadded 3 days ago7 views

EUVD-2026-33551

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7CVSS5.8AI score0.00031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 3 days ago5 views

CVE-2026-48189

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7CVSS5.8AI score0.00031EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder