Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

161 matches found

CNNVD
CNNVDadded 2026/05/28 12:0 a.m.4 views

OpenReplay 安全漏洞

OpenReplay is an open-source, developer-friendly, and self-hosted session replay software. Versions of OpenReplay prior to 1.26.0 contained security vulnerabilities. These vulnerabilities stemmed from cross-tenant IDOR vulnerabilities in the feature-flag and assist-stats routing mechanisms. Due t...

5.3CVSS5.8AI score0.00043EPSS
Exploits0References2
CVE
CVEadded 2026/05/18 1:48 p.m.13 views

CVE-2026-41947

Affected product: Dify v1.14.1 and prior. Vulnerability: authorization bypass in trace configuration endpoints due to missing tenant ownership checks. Impact: authenticated editor users can set/enable trace configurations for any application and redirect messages/responses to attacker‑controlled ...

9.3CVSS5.8AI score0.00038EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.1 views

PT-2026-34334

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An insecure direct object reference allows unauthorized users to access and manipulate sensitive data across different tenants. This can result in unauthorized...

6.5CVSS5.8AI score0.00045EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2026/04/16 10:48 p.m.4 views

Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys

Isolated paperclip instance running in authenticated mode default config on a clean Docker image matching commit b649bd4 2026.411.0-canary.8, post the 2026.410.0 patch. This advisory was verified on an unmodified build. Summary POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE...

6AI score
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/02/20 7:39 p.m.19 views

CVE-2026-2473 Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS0.00313EPSS
Exploits1References1
NVD
NVDadded 2026/02/03 6:16 p.m.2 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

10CVSS0.001EPSS
Exploits1References2
OSV
OSVadded 2026/02/03 6:16 p.m.2 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

7.5CVSS5.9AI score0.001EPSS
Exploits1References2
EUVD
EUVDadded 2026/02/03 12:0 a.m.1 views

EUVD-2025-206710

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

10CVSS5.5AI score0.001EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/02/03 12:0 a.m.3 views

PT-2026-5987

Name of the Vulnerable Software and Affected Versions Dokans Multi-Tenancy Based eCommerce Platform version 3.9.2 Description The platform allows unauthenticated remote attackers to obtain sensitive application configuration data by directly requesting the '/script/.env' file. This file contains...

10CVSS5.5AI score0.001EPSS
Exploits1References6
Vulnrichment
Vulnrichmentadded 2026/02/03 12:0 a.m.2 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

10CVSS5.4AI score0.001EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/01/07 9:17 a.m.4 views

CVE-2025-1758

Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: LoadMaster: 7.2.40.0 and above ECS: All versions Multi-Tenancy: 7.1.35.4 and above...

8.8CVSS7.2AI score0.00504EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/12/19 12:32 a.m.23 views

CVE-2025-14908 JeecgBoot Multi-Tenant Management SysTenantController.java improper authentication

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module...

6.5CVSS0.00134EPSS
Exploits1References5
OSV
OSVadded 2025/12/02 5:36 p.m.1 views

BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS7AI score0.00617EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2021-27277

Malware in sbrugna...

5.4CVSS5.6AI score0.00127EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2021-16354

Malware in sbrugna...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-2895

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00233EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-2618

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00206EPSS
Exploits1References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2022-7769

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00436EPSS
Exploits0References6
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-17994

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00271EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-6737

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00504EPSS
Exploits0References2
Rows per page
Query Builder