8 matches found

Github Security Blog
added 2026/05/14 8:55 p.m. · 18 views

@utcp/http: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

Summary The @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTTPS / loopback allowlist, but callTool reuses the resolved...

CVSS 4.7 · AI score 6 · EPSS 0.00029
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2025/10/13 7:57 p.m. · 5 views

CVE-2025-58084 Mattermost Desktop App crashes when clicking on malformed external URL

Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...

CVSS 3.5 · EPSS 0.00059
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 12 views

EUVD-2022-1343

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00151
Exploits 0 · References 5
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2022-6289

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.6 · EPSS 0.0056
Exploits 0 · References 4
Positive Technologies
added 2025/05/21 12:00 a.m. · 2 views

PT-2025-22328 · WordPress · Affiliate Sales In Google Analytics/Other Tools

Name of the Vulnerable Software and Affected Versions: The Affiliate Sales in Google Analytics and other tools plugin for WordPress, versions up to and including 1.4.9. Description: The issue is due to insufficient validation of the redirect URL supplied via the afflink parameter. This makes it...

CVSS 6.1 · AI score 6.2 · EPSS 0.00143
Exploits 0 · References 4
CVE
added 2025/04/20 12:00 a.m. · 57 views

CVE-2020-36845

The CVE-2020-36845 entry concerns KnowBe4 Security Awareness Training prior to 2020-01-10. A redirect function does not validate the destination URL, and the HTTP response contains a SCRIPT element that sets window.location.href to an arbitrary https URL, enabling an insecure redirect. Affected p...

CVSS 6.1 · AI score 7 · EPSS 0.00161
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2021/10/20 11:55 a.m. · 5 views

CVE-2021-25972 Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature

Camaleon CMS versions 2.1.2.0 to 2.6.0 are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing localhost or other internal servers. This allows attackers to read...

CVSS 4.9 · AI score 6.4 · EPSS 0.00261
Exploits 0 · References 2
Exploit DB
added 1999/05/25 12:00 a.m. · 30 views

FloosieTek FTGate 2.1 - Web File Access

source: https://www.securityfocus.com/bid/280/info A vulnerability in Floosietek's FTGate allows remote malicious users to steal local files. Floosietek's FTGate is a Win32 mail server program. One of its features is allowing administrators to check the status of the mail server using a web brows...

AI score 7.4
Exploits 0