7 matches found

Snyk
added 2025/11/03 4:41 p.m., 7 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the url variable processing in openURLMiddleware.ts. An attacker can execute arbitrary system commands by sending crafted HTTP POST requests, if the Metro development server is in use. This server binds to all...

CVSS 9.8 | AI score 8.3 | EPSS 0.2788
Exploits 5 | References 2

Snyk
added 2025/09/08 11:41 p.m., 1 views

Relative Path Traversal

Overview: vite is a Native-ESM powered web dev build tool. Affected versions of this package are vulnerable to Relative Path Traversal via improper enforcement of server.fs settings. An attacker can access arbitrary HTML files on the server by sending crafted requests to the preview server. Note:...

CVSS 5.3 | AI score 6.9 | EPSS 0.00027
Exploits 1 | References 2

OSV
added 2025/09/08 10:56 p.m., 3 views

CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...

CVSS 2.3 | AI score 6.5 | EPSS 0.00027
Exploits 1 | References 7

RedhatCVE
added 2025/05/22 9:6 p.m., 7 views

CVE-2021-42835

An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker with a foothold in an endpoint via a low-privileged user account can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC...

CVSS 7 | AI score 7.5 | EPSS 0.142
Exploits 1

Packet Storm
added 2020/04/21 12:0 a.m., 102 views

QRadar Community Edition 7.3.1.6 Cross Site Scripting

Reflected Cross-Site Scripting in QRadar Forensics link analysis page. Yorick Koster, September 2019...

AI score 7.4
Exploits 0

seebug.org
added 2018/07/30 12:0 a.m., 557 views

Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability (CVE-2018-3879)

Summary: An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the...

AI score 0.1 | EPSS 0.00337
Exploits 2

CVE
added 2018/02/19 2:0 p.m., 70 views

CVE-2017-15712

CVE-2017-15712 affects Apache Oozie before fixes: vulnerable versions include 3.1.3-incubating up to 4.3.0 and 5.0.0-beta1. The issue allows a remote attacker to obtain private files on the Oozie server by crafting a workflow XML that references sensitive files via XML directives/configuration. T...

CVSS 6.8 | AI score 6.3 | EPSS 0.00659
Exploits 0 | References 2 | Affected Software 1