Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.7 views

PT-2026-38409

Name of the Vulnerable Software and Affected Versions Aegra versions 0.9.0 through 0.9.6 Description Shared instances with multiple authenticated users are susceptible to a cross-tenant Insecure Direct Object Reference IDOR. An authenticated attacker who obtains another user's thread id can execu...

8.6CVSS6.1AI score0.00014EPSS
Exploits0References8
OSV
OSVadded 2026/05/06 11:19 p.m.1 views

GHSA-J72X-XFWG-783F ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace

Summary GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID can read device metadata from any other namespac...

6.5CVSS5.9AI score0.00035EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/04/24 10:56 a.m.0 views

CVE-2026-23902 Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

5.2AI score0.00023EPSS
Exploits0References1
CVE
CVEadded 2026/04/10 7:17 p.m.5 views

CVE-2026-32252

CVE-2026-32252 – Chartbrew : A cross-tenant authorization bypass exists in GET /team/:team_id/template/generate/:project_id prior to 4.9.0. The handler calls checkAccess(req, "updateAny", "chart") without awaiting the promise and does not verify the project_id belongs to the caller’s team. As a r...

7.7CVSS5.8AI score0.00033EPSS
Exploits1References2Affected Software1
CNNVD
CNNVDadded 2026/03/07 12:0 a.m.2 views

Tencent WeKnora 安全漏洞

Tencent WeKnora is a LLM-based framework developed by Tencent China. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Prior to version 0.3.0, there were security vulnerabilities in Tencent WeKnora. These vulnerabilities stemmed from a...

5.3CVSS7.3AI score0.00044EPSS
Exploits1References2
MSRC
MSRCadded 2025/11/09 12:0 a.m.6 views

INTERN(al) MSRC variant hunting: From multi-tenant authorization to Model Context Protocol

When security researchers submit a vulnerability report to MSRC, the Vulnerabilities and Mitigations V&M team reviews it, reproduces the issue, and determines severity. The team reviews all submissions from internal and external security researchers...

7AI score
Exploits0
OSV
OSVadded 2012/12/18 1:55 a.m.1 views

PYSEC-2012-35

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...

5.8AI score
Exploits0References14
Rows per page
Query Builder