
7 matches found

Cvelist
added 2026/05/13 8:53 p.m., 29 views

CVE-2026-44379 MISP: Improper UUID validation in MISP Collections

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

CVSS 5.3, EPSS 0.00178, Exploits 0, References 2

RedhatCVE
added 2025/05/29 3:48 p.m., 13 views

CVE-2025-48370

auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...

CVSS 6.9, AI score 5.2, EPSS 0.00745, Exploits 0, References 1

Veracode
added 2025/05/29 2:36 a.m., 7 views

Path Traversal

@supabase/auth-js is vulnerable to Path Traversal. The vulnerability is due to missing UUID validation on user-supplied inputs, which allows an attacker to manipulate URL paths and invoke unintended API functions...

CVSS 6.9, AI score 6.6, EPSS 0.00745, Exploits 0, References 4, Affected Software 1

OSV
added 2025/05/27 6:0 p.m., 4 views

GHSA-8R88-6CJ9-9FH5 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

Impact: The library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best...

CVSS 6.9, AI score 7.2, EPSS 0.00745, Exploits 0, References 5

ATTACKERKB
added 2025/05/27 4:15 p.m., 3 views

CVE-2025-48370

auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...

CVSS 6.9, AI score 5.2, EPSS 0.00745, Exploits 0, References 4, Affected Software 1

OSV
added 2022/12/22 8:40 p.m., 24 views

GO-2022-1118 Improper validation of UUIDs in github.com/codenotary/immudb

A malicious server can trick a client into treating it as a different server by changing the reported UUID. immudb client SDKs use the server's UUID to distinguish between different server instances so that the client can connect to different immudb instances and keep the state for multiple server...

CVSS 5.9, AI score 5.5, EPSS 0.00261, Exploits 0, References 2

Hacker One
added 2018/10/12 7:18 p.m., 70 views

HackerOne: Improper UUID validation results in bypass of #419896

This was found while evaluating the vulnerability and patch identified in 419896. I determined the deployed patch to be effective. However, I noticed tracer values could be sent which didn't conform to the UUID specification as characters outside of the a-f and 0-9 ranges could be used. For...

AI score 0.8, Exploits 0