Lucene search

7 matches found

Cvelist
added 2026/04/17 9:53 p.m. | 18 views

CVE-2026-40477 Improper restriction of the scope of accessible objects in Thymeleaf expressions

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...

CVSS 9 | EPSS 0.00649
Exploits 0 | References 1

OSV
added 2025/12/08 9:31 p.m. | 4 views

GO-2025-4182 Coder logs sensitive objects unsanitized in github.com/coder/coder

Coder logs sensitive objects unsanitized in github.com/coder/coder...

CVSS 7.8 | AI score 6.8 | EPSS 0.00195
Exploits 1 | References 9

EUVD
added 2025/12/03 7:25 p.m. | 6 views

EUVD-2025-201015

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access to the Coder Workspace VM, K8s Pod etc. or ...

CVSS 7.8 | AI score 5.9 | EPSS 0.00195
Exploits 1 | References 9

OSV
added 2022/05/24 5:20 p.m. | 6 views

GHSA-V377-8F8F-532H Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution

In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity...

CVSS 8.8 | AI score 7.4 | EPSS 0.03656
Exploits 1 | References 5

exploitpack
added 2017/10/17 12:0 a.m. | 60 views

OpenText Documentum Content Server - dmr_content Privilege Escalation

OpenText Documentum Content Server - dmr_content Privilege Escalation #!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server stores...

CVSS 6.5 | AI score 1.2 | EPSS 0.06639
Exploits 4

CVE
added 2017/10/13 4:0 p.m. | 72 views

CVE-2017-15013

CVE-2017-15013 affects OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to version 7.3. The design flaw lets any authenticated user modify or delete dmr_content objects (notably those linked to sensitive items such as dm_method), enabling replacement of content and e...

CVSS 8.8 | AI score 8.6 | EPSS 0.06639
Exploits 4 | References 3 | Affected Software 1

OpenVAS
added 2010/04/09 12:0 a.m. | 48 views

Ubuntu Update for openjdk-6 vulnerabilities USN-923-1

Ubuntu Update for Linux kernel vulnerabilities USN-923-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9231.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openjdk-6 vulnerabilities USN-923-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVSS 7.5 | AI score 0.3 | EPSS 0.96166
Exploits 33 | References 2