
10 matches found

OSV
added 2026/05/06 5:23 p.m. | 3 views

GHSA-V5C3-6WVC-PC2Q QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0

Summary: The SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address 0.0.0.0. A regular non-admin user holding any valid API token can send a multimodal request to /v1/chat/completions,...

7.1 CVSS | 5.9 AI score | 0.0001 EPSS
Exploits: 1 | References: 4
EUVD
added 2026/03/10 6:31 p.m. | 1 views

EUVD-2026-10472

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token...

9.8 CVSS | 5.8 AI score | 0.00096 EPSS
Exploits: 0 | References: 3
GithubExploit
added 2026/02/14 5:15 a.m. | 336 views

Exploit for CVE-2026-1357

CVE-2026-1357 — WPvivid Backup & Migration RCE CVE Credit...

9.8 CVSS | 5.6 AI score | 0.1582 EPSS
Exploits: 13
Vulnrichment
added 2025/11/17 4:37 p.m. | 1 views

CVE-2025-13319 Authenticated SQL injection in API - Digi On-Prem Manager

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack...

8.8 CVSS | 7.5 AI score | 0.00083 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-35516

Malicious code in bioql PyPI...

8 CVSS | 7.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2023/10/31 2:40 a.m. | 2 views

SUSE CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5 CVSS | 7 AI score | 0.002 EPSS
Exploits: 0 | References: 2
NVD
added 2023/06/07 10:15 p.m. | 11 views

CVE-2023-31200

PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack...

8 CVSS | 6.5 AI score | 0.00033 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2023/02/28 12:0 a.m. | 5 views

CVE-2023-27295

Cross-site request forgery is facilitated by OpenCATS's failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited...

5.7 AI score | 0.00242 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2023/02/27 12:0 a.m. | 8 views

CVE-2022-34908

An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization ...

8.2 CVSS | 8.6 AI score | 0.004 EPSS
Exploits: 0 | References: 3
OSV
added 2020/07/21 2:15 p.m. | 1 views

CVE-2020-12432

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...

6.1 CVSS | 6.3 AI score | 0.00288 EPSS
Exploits: 1 | References: 2