Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Snyk
Snykadded 6 days ago2 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the route middleware. An attacker can gain unauthorized access to server-rendered page content by directly requesting the /nuxtisland/page endpoint, bypassing authentication or...

6.3CVSS5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/21 8:35 p.m.2 views

GHSA-99VC-2JX2-688P NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

Summary The uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to download arbitrarily large files, exhausting disk space and causing denial of...

6.5CVSS5.9AI score
Exploits0References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2018-17120

Malware in sbrugna...

9.8CVSS9.5AI score0.07753EPSS
Exploits1References3
Hacker One
Hacker Oneadded 2022/01/12 10:25 p.m.21 views

Rocket.Chat: TOTP 2 Factor Authentication Bypass

Summary Two Factor Authentication can be bypassed when telling the server to use CAS during login. Description The 2FA Login Handler skips validation when it finds CAS enabled. When the clients sends the option among the login request, the login proceeds without validation of a second factor. In...

6.5CVSS0.00301EPSS
Exploits1
OSV
OSVadded 2021/08/04 6:15 p.m.1 views

CVE-2021-1522

A vulnerability in the change password API of Cisco Connected Mobile Experiences CMX could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability...

4.3CVSS5.8AI score
Exploits0References1
CVE
CVEadded 2018/04/18 8:0 a.m.58 views

CVE-2018-5341

CVE-2018-5341 affects Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184. The issue is a missing server-side check on the file type/extension when uploading and modifying scripts, as described in the NVD entry. This incomplete validation could enable an attacker to upload or modify scripts w...

9.8CVSS9.3AI score0.07753EPSS
Exploits1References2Affected Software1
Exploit DB
Exploit DBadded 2016/11/21 12:0 a.m.61 views

LEPTON 2.2.2 - Remote Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes...

7.4AI score
Exploits0
Rows per page
Query Builder