Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2026/04/21 3:14 p.m.2 views

GHSA-GFC2-9QMW-W7VH Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS

Summary The Glances web server exposes a REST API /api/4/ that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy Access-Control-Allow-Origin: . This allows a malicious website to read sensitive system information from a running...

7.1CVSS5.8AI score0.00033EPSS
Exploits1References4
NVD
NVDadded 2026/02/13 7:17 p.m.2 views

CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

9.8CVSS0.005EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2026/02/11 7:49 p.m.5 views

Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Summary Milvus exposes TCP port 9091 by default with two critical authentication bypass vulnerabilities: 1. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath default: by-dev, enabling arbitrary expression evaluation. 2. The full REST API...

9.8CVSS6.8AI score0.005EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2025/09/29 8:39 p.m.4 views

CVE-2025-34216 Vasion Print (formerly PrinterLogic) RCE and Password Leaks via API

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 VA deployments only expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...

10CVSS0.00944EPSS
Exploits1References4
CNNVD
CNNVDadded 2025/09/29 12:0 a.m.2 views

Vasion Print Virtual Appliance Host 安全漏洞

Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 22.0.1026 that originates from an unauthenticated REST API endpoint exposing configuration files and plaintext passwords,...

10CVSS7.8AI score0.00944EPSS
Exploits1References4
Cvelist
Cvelistadded 2024/09/12 8:30 a.m.40 views

CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.8713EPSS
Exploits6References4
Rows per page
Query Builder