
7 matches found

NVD
added 3 days ago, 5 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

CVSS 8.1, EPSS 0.00049
Exploits: 1, References: 2
Vulnrichment
added 2026/03/24 6:22 p.m., 2 views

CVE-2026-33527 Parse Server: Session update endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST...

CVSS 5.3, AI score 5.7, EPSS 0.00014
Exploits: 0, References: 5
OSV
added 2026/03/20 11:37 a.m., 2 views

BIT-PARSE-2026-32742 Parse Server session creation endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST /classes/Session. Thi...

CVSS 4.3, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 4
Github Security Blog
added 2026/03/17 6:37 p.m., 4 views

Parse Server session creation endpoint allows overwriting server-generated session fields

Impact: An authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST /classes/Session. This allows bypassing the server's session expiration policy by setting an arbitrary far-future expiration date. It also allows...

CVSS 4.3, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 5, Affected Software: 1
Positive Technologies
added 2026/01/15 12:0 a.m., 2 views

PT-2026-3046

RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full...

CVSS 6.8, AI score 6.5, EPSS 0.00011
Exploits: 1, References: 4
Cvelist
added 2024/04/15 2:13 p.m., 13 views

CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...

CVSS 4.8, AI score 5.2, EPSS 0.00193
Exploits: 0, References: 1
CNVD
added 2020/02/18 12:0 a.m., 1 views

Iteris Vantage Velocity Field Unit Operating System Command Injection Vulnerability

The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. An operating system command injection vulnerability exists in the Iteris Vantage Velocity Field Unit versions 2.3.1, 2.4.2, and 3.0. An attacker exploits the vulnerability to execute commands via NTP Server...

CVSS 10, AI score 8, EPSS 0.00726
Exploits: 1, References: 1