Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

107 matches found

Github Security Blog
Github Security Blogadded 2026/05/08 4:32 p.m.5 views

gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense

Unauthenticated HTTP Transport Allows Unlimited Google Maps API Calls at Operator Expense The gmaps-mcp codebase was reviewed at commit e671db68c804c9e67d51582d3280839ffa65f127 and three issues worth flagging were discovered — one high-severity, one medium, one structural. There were no...

5.9AI score
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/21 8:35 p.m.1 views

CVE-2026-34269

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools...

6.1CVSS5.8AI score0.0003EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessusadded 2026/04/13 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-34045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows...

9.1CVSS5.8AI score0.00085EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/04/07 8:52 p.m.1 views

CVE-2026-34045

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection...

8.2CVSS5.9AI score0.00085EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/03/26 3:2 p.m.1 views

CVE-2026-32617

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, On default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the...

7.5CVSS5.7AI score0.00032EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/21 10:24 p.m.2 views

CVE-2026-21980

Vulnerability in the Oracle Life Sciences Central Coding product of Oracle Health Sciences Applications component: Platform. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

6.5CVSS5.5AI score0.00042EPSS
Exploits0References1
NVD
NVDadded 2026/01/20 10:15 p.m.4 views

CVE-2026-21943

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: Scripting Admin. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful...

6.1CVSS0.00044EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/01/12 12:0 a.m.3 views

PT-2026-2315

Name of the Vulnerable Software and Affected Versions OpenCode versions prior to 1.0.216 Description OpenCode, an open source AI coding agent, has an issue where it automatically starts an unauthenticated HTTP server. This allows any local process, or any website due to permissive CORS settings, ...

10CVSS6.3AI score0.05324EPSS
Exploits7References22
RedhatCVE
RedhatCVEadded 2026/01/09 8:52 a.m.2 views

CVE-2021-2078

Vulnerability in the Oracle Configurator product of Oracle Supply Chain component: UI Servlet. Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attack...

8.2CVSS6.5AI score0.01691EPSS
Exploits0References1
NVD
NVDadded 2025/12/17 5:15 p.m.5 views

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

6.6CVSS0.00006EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/12/17 12:0 a.m.2 views

PT-2025-51840

Name of the Vulnerable Software and Affected Versions Netun Solutions HelpFlash IoT version v18 178 221102 ASCII PRO 1R5 50 Description The over-the-air OTA firmware update process in the software does not properly authenticate update servers or validate firmware signatures, and relies on...

6.6CVSS7.3AI score0.00006EPSS
Exploits0References6
EUVD
EUVDadded 2025/10/21 8:3 p.m.6 views

EUVD-2025-35230

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing...

9.8CVSS6.6AI score0.00086EPSS
Exploits3References1
EUVD
EUVDadded 2025/10/21 8:3 p.m.1 views

EUVD-2025-35279

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1CVSS5.1AI score0.00024EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEVadded 2025/10/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-61884

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful...

7.5CVSS5.8AI score0.51081EPSS
In wildExploits6References15
EUVD
EUVDadded 2025/10/07 12:30 a.m.0 views

EUVD-2021-27170

Malware in sbrugna...

7.5CVSS7.5AI score0.00255EPSS
Exploits0References2
NVD
NVDadded 2025/10/03 10:15 p.m.1 views

CVE-2025-61679

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...

7.7CVSS0.00019EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-47140

Malicious code in bioql PyPI...

7.5CVSS8.4AI score0.1067EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-22913

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00177EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-50033

Malicious code in bioql PyPI...

9.8CVSS6.2AI score0.02768EPSS
Exploits5References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-50521

Malicious code in bioql PyPI...

5.1CVSS6.6AI score0.00066EPSS
Exploits0References1
Rows per page
Query Builder