Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2156 matches found

Positive Technologies
Positive Technologiesadded 2025/09/23 12:0 a.m.5 views

PT-2025-39209

Name of the Vulnerable Software and Affected Versions Http4s versions 1.0.0-M1 through 1.0.0-M44 Http4s versions prior to 0.23.31 Description Http4s is susceptible to HTTP Request Smuggling because of incorrect handling of the HTTP trailer section. This can allow attackers to circumvent front-end...

6.3CVSS6.6AI score0.00349EPSS
Exploits1References10
CNVD
CNVDadded 2025/09/12 12:0 a.m.2 views

InstantCMS Code Issues Vulnerabilities

InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...

7.2CVSS6.4AI score0.00423EPSS
Exploits1References1
Tenable Nessus
Tenable Nessusadded 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-46302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for...

8.8CVSS8.6AI score0.00385EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/09/03 8:56 p.m.12 views

CVE-2025-58056 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...

6.3CVSS0.00631EPSS
Exploits1References7
Tenable Nessus
Tenable Nessusadded 2025/09/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-33037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstance...

5.3CVSS6.8AI score0.75353EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-43848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain...

7.4CVSS6.3AI score0.02626EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-45403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h...

7.5CVSS5.5AI score0.00632EPSS
Exploits0References2
Redos
Redosadded 2025/08/28 12:0 a.m.2 views

ROS-20250828-03

The Apache Tomcat application server vulnerability is due to Apache Tomcat not setting the attribute "Secure" attribute for session cookie JSESSIONID when using RemoteIpFilter with requests, received from a reverse proxy server over HTTP and containing an X-Forwarded-Proto header set to on https...

4.3CVSS7.5AI score0.01831EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-41281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be...

7.5CVSS7.5AI score0.01514EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/25 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2016-7046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat JBoss Enterprise Application Platform EAP 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of...

7.1CVSS6.7AI score0.0248EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-23334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessar...

7.5CVSS6.9AI score0.76875EPSS
Exploits15References2
Tenable Nessus
Tenable Nessusadded 2025/08/21 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-30847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to...

8.2CVSS7.1AI score0.00902EPSS
Exploits0References2
Snyk
Snykadded 2025/08/19 3:33 p.m.3 views

Cross-site Scripting (XSS)

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML form element on the Form Trigger node. An authenticated attacker can execute arbitrary JavaScript code in the context of authenticated users by injecting...

8.7CVSS5.5AI score0.00347EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2025/08/19 3:33 p.m.11 views

Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

Impact A stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...

8.7CVSS5.8AI score0.00347EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessusadded 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-46727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and...

7.5CVSS7.2AI score0.00911EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-33197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to dro...

5.3CVSS7AI score0.0226EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/08/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-49630

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients...

7.5CVSS7.2AI score0.01149EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/08/14 3:49 p.m.15 views

CVE-2025-54864

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...

7.5CVSS7AI score0.00359EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/08/12 3:48 p.m.5 views

CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...

6.9CVSS7AI score0.00359EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/08/12 3:48 p.m.29 views

CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...

6.9CVSS0.00359EPSS
Exploits0References2
Rows per page
Query Builder