11 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-14089

Malware in sbrugna...

CVSS 10 · AI score 8.9 · EPSS 0.0029
Exploits 1 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-5555

Malware in sbrugna...

CVSS 8.8 · AI score 8.5 · EPSS 0.00204
Exploits 0 · References 4

Positive Technologies
added 2025/07/18 12:0 a.m. · 3 views

PT-2025-30044 · Xxl-Job · Xxl-Job

Name of the Vulnerable Software and Affected Versions: xxl-job versions up to 3.1.1. Description: A critical issue exists in xxl-job. The httpJobHandler function within the src/main/java/com/xxl/job/executor/service/jobhandler/SampleXxlJob.java file is susceptible to server-side request forgery (SSRF). This...

CVSS 6.5 · AI score 6.4 · EPSS 0.00388
Exploits 1 · References 9

OSV
added 2025/06/26 4:46 p.m. · 3 views

CVE-2025-52477 Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow

Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...

CVSS 8.6 · AI score 6.5 · EPSS 0.0028
Exploits 0 · References 5

RedhatCVE
added 2025/05/22 5:13 p.m. · 6 views

CVE-2020-8830

CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen...

CVSS 8.8 · AI score 7.1 · EPSS 0.00126
Exploits 1 · References 1

Cvelist
added 2025/05/22 7:44 a.m. · 31 views

CVE-2025-4123

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

CVSS 7.6 · EPSS 0.06888
Exploits 6 · References 2

Cvelist
added 2025/05/01 5:20 p.m. · 24 views

CVE-2025-46568 Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...

CVSS 8.7 · EPSS 0.00332
Exploits 1 · References 2

Tenable Nessus
added 2025/04/11 12:0 a.m. · 4 views

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-1374)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This...

CVSS 6.3 · AI score 6.6 · EPSS 0.00552
Exploits 0 · References 2

Tenable Nessus
added 2024/11/21 12:0 a.m. · 27 views

macOS 15.x < 15.1 Multiple Vulnerabilities (121564)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.1. It is, therefore, affected by multiple vulnerabilities: - The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system...

CVSS 9.8 · AI score 8.1 · EPSS 0.04673
Exploits 1 · References 83

Hacker One
added 2020/08/13 5:4 p.m. · 25 views

Mail.ru: HTTP request smuggling (?) canpol.deti.mail.ru

HTTP request smuggling in canpol.deti.mail.ru led to possibility for non-blind SSRF exploitation with access to serverside api...

AI score 1.5
Exploits 0

Malwarebytes
added 2017/08/04 4:11 p.m. · 97 views

DEFCON 25

After a few days in Las Vegas and after BlackHat, DEFCON 25 is finally over! It was an amazing time around awesome people. I didn't attend all the talks, but most of the ones I saw were interesting: There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers, by Luke...

AI score 7.8
Exploits 0