8 matches found

EUVD
added 2026/05/27 7:14 p.m., 9 views

EUVD-2026-32634

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values (e.g., SMTPPORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

CVSS: 9.8, AI score: 6, EPSS: 0.00063
Exploits: 0, References: 1

NVD
added 2026/05/09 8:16 p.m., 9 views

CVE-2026-42601

ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins...

CVSS: 9.8, EPSS: 0.00061
Exploits: 1, References: 1

EUVD
added 2026/05/09 7:29 p.m., 4 views

EUVD-2026-28935

ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins...

CVSS: 9.3, AI score: 5.9, EPSS: 0.00061
Exploits: 1, References: 1

CNNVD
added 2026/05/09 12:0 a.m., 4 views

ArchiveBox parameter injection vulnerability

ArchiveBox is a powerful, open-source, and self-hosted internet archiving solution developed by ArchiveBox. It is designed for collecting, storing, and viewing websites that you want to save offline. ArchiveBox versions 0.8.6rc0 and earlier have a parameter injection vulnerability. This...

CVSS: 9.8, AI score: 6.3, EPSS: 0.00061
Exploits: 1, References: 1

Cvelist
added 2026/04/15 12:0 a.m., 19 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

EPSS: 0.00323
Exploits: 0, References: 1

Veracode
added 2026/03/21 5:22 a.m., 5 views

Code Injection

craftcms/cms is vulnerable to Code Injection. The vulnerability is due to passing unvalidated configuration data to Craft::configure without proper sanitization, which allows an attacker to inject malicious behavior or event handlers and execute arbitrary code...

CVSS: 8.6, AI score: 6.1, EPSS: 0.00048
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2023/01/11 12:0 a.m., 1 views

Cloudflare WARP input validation error vulnerability

Cloudflare WARP Cloudflare Vpn is a client-side application for secure connections from Cloudflare, Inc. A security vulnerability in Cloudflare WARP, which stems from a lack of proper validation of the supporturi parameter in its client-side local settings file mdm.xml, allows an attacker to...

CVSS: 8.9, AI score: 7.8, EPSS: 0.00317
Exploits: 0, References: 2

ATTACKERKB
added 2022/02/23 12:0 a.m., 3 views

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

CVSS: 4.3, AI score: 6, EPSS: 0.00382
Exploits: 0, References: 3, Affected Software: 1