Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/24 11:11 a.m.7 views

Malicious code in @jonusnattapong/claudecode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a08b3e13079279fb9dce40859dd868b0953bec139996eb7ac915a7dc415b29c Package is a third-party reconstruction of Anthropic's Claude Code CLI that misrepresents itself as the official product. package.json describes itse...

5.9AI score
Exploits0References1
Cvelist
Cvelistadded 2026/04/02 3:6 p.m.14 views

CVE-2026-33746 Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

9.8CVSS0.003EPSS
Exploits0References2
NVD
NVDadded 2026/03/24 3:16 p.m.3 views

CVE-2026-33316

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The ResetPassword function sets the user’s status to StatusActive after a successful password reset without...

8.1CVSS0.00363EPSS
Exploits1References4
OSV
OSVadded 2026/03/11 4:42 p.m.3 views

CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens

Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...

4.8CVSS5.8AI score0.00138EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2023/11/21 12:0 a.m.3 views

PT-2023-30745

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2023.8.5 authentik versions prior to 2023.10.4 Description The issue concerns the implementation of the Proof Key for Code Exchange PKCE in authentik, an open-source identity provider. When initializing an OAuth2 fl...

9.8CVSS5.8AI score0.01237EPSS
Exploits1References18
Code423n4
Code423n4added 2023/07/21 12:0 a.m.15 views

bypass flow limit by transferring tokens at epoch's boarder

Lines of code Vulnerability details Impact Token flow can reach 2flowlimit in a very short time. Proof of Concept We store the flow out and flow in tokens numbers for every epoch: / @dev Returns the slot which is used to get the flow out amount for a specific epoch @param epoch The epoch to get t...

7AI score
Exploits0
Rows per page
Query Builder