Lucene search

8 matches found

Veracode
added 2025/12/13 7:13 a.m., 4 views

Information Disclosure

nautobotssot is vulnerable to Information Disclosure. The vulnerability is due to improper access control on an unauthenticated configuration page, which allows an attacker to view the ServiceNow public instance name without authentication...

CVSS 5.3 | AI score 7 | EPSS 0.00245
Exploits 0 | References 5 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-48583

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00677
Exploits 1 | References 3

RedhatCVE
added 2025/05/22 11:22 p.m., 4 views

CVE-2022-45724

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...

CVSS 5.4 | AI score 7 | EPSS 0.00677
Exploits 1 | References 1

Prion
added 2023/02/13 2:15 p.m., 18 views

Improper access control

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...

CVSS 5.8 | AI score 5.5 | EPSS 0.00677
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2023/02/13 12:0 a.m., 17 views

CVE-2022-45724

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...

AI score 5.8 | EPSS 0.00677
Exploits 1 | References 3

ATTACKERKB
added 2022/03/30 11:15 p.m., 2 views

CVE-2021-46009

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies...

CVSS 10 | AI score 7.8 | EPSS 0.15231
Exploits 1 | References 4

OSV
added 2020/05/07 6:15 p.m., 3 views

CVE-2020-10972

An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink...

CVSS 7.5 | AI score 7.2 | EPSS 0.01727
Exploits 0 | References 4

CNVD
added 2017/05/16 12:0 a.m., 4 views

Admidio Cross-Site Request Forgery Vulnerability (CNVD-2017-10374)

Admidio is a free online membership management system for associations, groups and organizations. The system offers features such as user management, adding and updating homepages, and installing and adjusting modules on it. A cross-site request forgery vulnerability exists in Admidio. The...

CVSS 4.5 | AI score 5.2 | EPSS 0.02626
Exploits 5 | References 1