Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

EUVD
EUVDadded 2026/04/01 9:5 p.m.3 views

EUVD-2026-17650

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints...

7.5CVSS5.8AI score0.00023EPSS
Exploits1References3
NVD
NVDadded 2026/03/31 9:16 p.m.2 views

CVE-2026-34732

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

7.5CVSS0.00023EPSS
Exploits1References1
CVE
CVEadded 2026/03/31 8:51 p.m.3 views

CVE-2026-34732

WWBN AVideo CVE-2026-34732 affects the CreatePlugin list.json.php template (versions ≤26.0). The template ships without authentication/authorization checks, while add.json.php and delete.json.php require admin privileges. This omission creates 21 unauthenticated data-listing endpoints across the ...

7.5CVSS5.9AI score0.00023EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/31 12:0 a.m.2 views

PT-2026-29362

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

7.5CVSS5.9AI score0.00023EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/03/24 6:46 p.m.6 views

CVE-2026-30932

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

8.6CVSS5.8AI score0.00025EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/24 12:0 a.m.4 views

PT-2026-27480

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.5 Description The DomainZones.add API endpoint, accessible to customers with DNS enabled, does not validate the content field for specific DNS record types LOC, RP, SSHFP, TLSA. This allows an attacker to inject...

8.8CVSS5.9AI score0.00025EPSS
Exploits1References14
SUSE CVE
SUSE CVEadded 2024/08/06 4:49 a.m.2 views

SUSE CVE-1999-0184

When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records...

6.4CVSS6.9AI score0.01208EPSS
Exploits0References2
Circl
Circladded 2023/12/22 5:57 p.m.6 views

CVE-2018-8823

creationtimestamp| type| source ---|---|--- 2023-12-22 17:57:58+00:00| seen| https://t.me/arpsyndicate/2061 2023-12-22 18:52:54+00:00| seen| https://t.me/arpsyndicate/2062 2024-11-26 09:06:49+00:00| seen| MISP/d0f67a25-b270-45aa-a235-c5da1f5eb45f...

9.8CVSS8.7AI score0.90063EPSS
Exploits1References2
OSV
OSVadded 2014/04/26 1:55 a.m.0 views

UBUNTU-CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS5.8AI score0.002EPSS
Exploits0References4
Rows per page
Query Builder