
8 matches found

RedhatCVE, added 2026/01/09 11:26 a.m., 5 views

CVE-2021-28680

The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...

CVSS 8.1, AI score 6.9, EPSS 0.00255
Exploits: 1, References: 1

EUVD, added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-2418

Malware in sbrugna...

CVSS 8.1, AI score 8, EPSS 0.00255
Exploits: 1, References: 8

RedhatCVE, added 2025/05/23 7:41 a.m., 7 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

CVSS 9.8, AI score 7.6, EPSS 0.86575
Exploits: 2, References: 1

NVD, added 2025/01/07 4:15 p.m., 10 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

CVSS 9.8, EPSS 0.86575
Exploits: 2, References: 3

CVE, added 2025/01/07 12:00 a.m., 103 views

CVE-2024-55556

A CVE in Crater Invoice (InvoiceShelf/META: Laravel cookie-based session deserialization) enables unauthenticated remote code execution when an attacker obtains the Laravel APP_KEY. Public docs describe that manipulating the laravel_session cookie, which contains serialized session data encrypted wit...

CVSS 9.8, AI score 7.9, EPSS 0.86575
Exploits: 2, References: 3

OSV, added 2021/12/07 9:15 p.m., 13 views

CVE-2021-28680

The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...

CVSS 8.1, AI score 6.8, EPSS 0.00255
Exploits: 1, References: 2

NVD, added 2018/06/05 3:29 p.m., 13 views

CVE-2018-10966

An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard-coded secret...

CVSS 7.5, AI score 7.1, EPSS 0.00284
Exploits: 1, References: 3

CVE, added 2018/06/05 3:00 p.m., 42 views

CVE-2018-10966

CVE-2018-10966 affects GamerPolls 0.4.6. The issue arises from how the app uses Passport.js to sign the session cookie; an attacker can edit the Passport.js data in the session cookie and include the target account ID, then re-sign it with a hard-coded secret. This enables session/identity impers...

CVSS 7.5, AI score 7.1, EPSS 0.00284
Exploits: 1, References: 3, Affected Software: 1