8 matches found

Snyk
added 2026/05/28 10:45 p.m. | 6 views

Incorrect Default Permissions

Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure default permissions that grant regular users elevated privileges. An attacker can gain unauthorized access to host files and execute code with root-level privileges by leveraging authenticat...

CVSS 9.4 | AI score 6 | EPSS 0.00056
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/06 8:24 a.m. | 2 views

CVE-2026-23925 Unauthorized host creation via configuration.import API by low-privilege user with write permissions

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 1

CVE
added 2026/03/06 8:24 a.m. | 278 views

CVE-2026-23925

The CVE-2026-23925 issue affects Zabbix where an authenticated User with template/host write perms can misuse configuration.import to create unauthorized objects, leading to confidentiality loss (e.g., unauthorized hosts). Public sources corroborate an authorization bypass in Zabbix frontend/API ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2019-14765

Malware in sbrugna...

CVSS 9.1 | AI score 9 | EPSS 0.02153
Exploits: 1 | References: 2

Vulnrichment
added 2025/08/25 5:39 p.m. | 1 views

CVE-2025-57802 Airlink's Daemon Symlink Vulnerability

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory /app/data. Because the container bind-mounts an...

CVSS 8.7 | AI score 7.1 | EPSS 0.00166
Exploits: 0 | References: 2

OSV
added 2024/11/05 7:15 p.m. | 2 views

CVE-2024-0134

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this...

CVSS 4.1 | AI score 5.8
Exploits: 0 | References: 1

Cvelist
added 2024/02/15 4:21 a.m. | 10 views

CVE-2024-25940 bhyveload(8) host file access

bhyveload -h may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to...

AI score 6.4 | EPSS 0.00229
Exploits: 0 | References: 2

securityvulns
added 2010/03/01 12:0 a.m. | 35 views

AST-2010-003: Invalid parsing of ACL rules can compromise security

Asterisk Project Security Advisory - AST-2010-003 | Product: Asterisk | Summary: Invalid parsing of ACL rules can compromise security ...

AI score 7.5
Exploits: 0