
8 matches found

CVE
added 2026/04/17 8:47 p.m. | 4 views

CVE-2026-40293

OpenFGA OpenID/OpenFGA Playground vulnerability (CVE-2026-40293) affects OpenFGA 0.1.4–1.13.1 when preshared authentication is used and the built‑in playground is enabled with the endpoint accessible beyond localhost. The local HTML response from /playground reveals the preshared API key, enablin...

CVSS 6.5 | AI score 5.7 | EPSS 0.00088
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 2026/01/08 4:41 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: github.com/coredns/coredns/core/dnsserver is a package that implements all the interfaces from Caddy, so that CoreDNS can be a servertype plugin. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting...

CVSS 8.7 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/08 12:0 a.m. | 2 views

PT-2026-1913

Name of the Vulnerable Software and Affected Versions: CoreDNS versions prior to 1.14.0. Description: CoreDNS is a DNS server that utilizes plugins. Several CoreDNS server implementations, including gRPC, HTTPS, and HTTP/3, do not have sufficient resource limits. An unauthenticated remote attacker c...

CVSS 8.7 | AI score 8.3 | EPSS 0.00213
Exploits: 0 | References: 10
Snyk
added 2025/12/02 6:28 a.m. | 1 views

Incorrect Default Permissions

Overview: bzfs is a reliable near real-time, parallel replication and backup command-line tool for ZFS. It replicates snapshots from many local or remote source ZFS datasets and their descendants to local or remote destination datasets, using zfs send/receive and ssh, and can operate at...

CVSS 6.3 | AI score 5.8
Exploits: 0 | References: 3
Snyk
added 2025/12/01 11:4 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: @portkey-ai/gateway is a fast AI gateway by Portkey. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the x-portkey-custom-host request header, which allows user-supplied values to determine the destination baseURL in the proxy route. An attacker...

CVSS 7.2 | AI score 6.8 | EPSS 0.00068
Exploits: 0 | References: 2
Snyk
added 2025/04/15 9:19 p.m. | 1 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

CVSS 7.1 | AI score 6.9
Exploits: 0 | References: 2
Snyk
added 2025/04/15 9:19 p.m. | 1 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

CVSS 7.1 | AI score 6.9
Exploits: 0 | References: 2
Snyk
added 2025/03/24 7:7 p.m. | 3 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the matchSignatures function in cosign.go, which does not check for subjectRegExp or issuerRegExp values during artifact signature verification. An attacker can deploy unauthorized...

CVSS 8 | AI score 6.9 | EPSS 0.00083
Exploits: 1 | References: 2