
7 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in @subscription-info/bff (npm)

The package @subscription-info/bff was found to contain malicious code...

AI score 7
Exploits 0
RedhatCVE
added 2025/05/22 8:40 p.m., 4 views

CVE-2021-0641

In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVSS 5.5, AI score 5.3, EPSS 0.00108
Exploits 0, References 1
OSV
added 2021/08/17 7:15 p.m., 2 views

CVE-2021-0641

In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVSS 5.5, AI score 6.2
Exploits 0, References 1
Hacker One
added 2020/04/18 9:49 p.m., 26 views

Semrush: Broken validation of user Id for JWT Token

Traffic Analytics Tool TA uses JWT tokens to store user subscription information without any kind of personal information. JWT tokens are created by passing a user ID. There was an error with validation of user Id for JWT token...

AI score 6.6
Exploits 0
OSV
added 2017/12/27 5:8 p.m., 0 views

UBUNTU-CVE-2017-17899

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter...

CVSS 9.8, AI score 7.7, EPSS 0.01871
Exploits 0, References 3
CNVD
added 2017/12/25 12:0 a.m., 1 views

Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2018-01643)

Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. An SQL injection vulnerability exists in the...

CVSS 9.8, AI score 8.6, EPSS 0.01871
Exploits 0, References 1
Positive Technologies
added 2017/12/24 12:0 a.m., 2 views

PT-2017-15084 · Dolibarr · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 6.0.4
Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the rowid parameter in the adherents/subscription/info.php file.
Recommendations: For version 6.0.4, conside...

CVSS 9.8, AI score 9.7, EPSS 0.01871
Exploits 0, References 8