Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Cvelist
Cvelistadded 2026/05/29 8:4 a.m.35 views

CVE-2026-10056 CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origin request

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS0.00264EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/25 9:56 p.m.7 views

CVE-2026-27398

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References2
BDU FSTEC
BDU FSTECadded 2025/03/18 12:0 a.m.5 views

The vulnerability of the xiic_xfer() function in the drivers/i2c/busses/i2c-xiic.c file of the Linux operating system allows a hacker to gain access to protected information.

The vulnerability of the xiicxfer function in the drivers/i2c/busses/i2c-xiic.c file of the Linux operating system’s kernel is related to security configuration errors. Exploiting this vulnerability could allow an attacker to gain access to protected information...

5.5CVSS5.5AI score0.00225EPSS
Exploits0References15Affected Software2
Cvelist
Cvelistadded 2024/04/09 12:54 a.m.15 views

CVE-2024-27899 Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...

8.8CVSS8.8AI score0.00403EPSS
Exploits0References2
RedHat Linux
RedHat Linuxadded 2020/03/18 2:51 p.m.2 views

elasticsearch: Improper permission issue when attaching a new name to an index

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the aliases, shrink, or split endpoints are used . If the elasticsearch.yml file has xpack.security.dlsfls.enabled set to false, certain permission...

8.1CVSS5.8AI score0.02149EPSS
Exploits0References4
BDU FSTEC
BDU FSTECadded 2015/10/01 12:0 a.m.3 views

The vulnerability of the iOS operating system, which allows a hacker to replace the content of web pages

The vulnerability of the Safari browser on the iOS operating system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to replace the content of web pages using a specially crafted website...

4.3CVSS5.5AI score0.01425EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder