7 matches found

CNNVD
added 2026/04/02 12:0 a.m. · 4 views

OpenSTAManager code issue vulnerability

OpenSTAManager is an open-source management software developed by Devcode, used for technical assistance and billing purposes. Versions of OpenSTAManager prior to 2.10.2 contained code vulnerabilities. These vulnerabilities stemmed from the oauth2.php file being an unvalidated endpoint. Attackers...

CVSS 7.2 · AI score 5.9 · EPSS 0.00076
Exploits: 1 · References: 3
EUVD
added 2026/03/21 3:31 a.m. · 2 views

EUVD-2026-13980

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint optn/v1/integration-action with a permission_callback of __return_true that...

CVSS 7.2 · AI score 5.9 · EPSS 0.00097
Exploits: 0 · References: 11
CNNVD
added 2026/03/11 12:0 a.m. · 3 views

Runtipi access control error vulnerability

Runtipi is an open-source family server orchestrator developed by Runtipi. Versions of Runtipi prior to 4.8.0 contained a security vulnerability related to access control. This vulnerability stemmed from an unvalidated password reset endpoint, which could lead to account takeover attacks...

CVSS 9.8 · AI score 5.8 · EPSS 0.00603
Exploits: 1 · References: 1
OSV
added 2026/03/06 10:16 p.m. · 2 views

GHSA-3FVX-XRXQ-8JVV soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import

While auditing the codebase in the wake of the webhook SSRF fix shipped in v0.11.1 (GHSA-vwq2-jx9q-9h9f), it was identified that the LFS import path was never given the same treatment. The webhook fix introduced dual-layer SSRF protection — ValidateWebhookURL at creation time and secureHTTPClient...

CVSS 9.1 · AI score 6 · EPSS 0.00024
Exploits: 1 · References: 5
Positive Technologies
added 2025/12/01 12:0 a.m. · 3 views

PT-2025-48549

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.86.0; Frappe versions prior to 14.99.2. Description: Frappe, a full-stack web application framework, contains a flaw due to insufficient validation of parameters. This allows for error-based SQL injection through a...

CVSS 9.8 · AI score 7.3 · EPSS 0.00033
Exploits: 0 · References: 7
CNNVD
added 2025/09/15 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unvalidated USB endpoint type that could lead to an internal error...

CVSS 5.5 · AI score 6.3 · EPSS 0.0002
Exploits: 0 · References: 9
Positive Technologies
added 2024/06/28 12:0 a.m. · 8 views

PT-2024-28043 · Nextchat · Nextchat

Name of the Vulnerable Software and Affected Versions: NextChat versions prior to 2.12.4. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This is due to a lack of validation of the endpoint GET parameter on the "WebDav API endpoint". The SSRF can be used to...

CVSS 7.4 · AI score 7.4 · EPSS 0.71115
Exploits: 0 · References: 4