8 matches found

Positive Technologies
added 2026/05/29 12:0 a.m. · 5 views

PT-2026-45047

Summary: Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...

7.7 CVSS · 5.8 AI score
Exploits: 0 · References: 5
NVD
added 2025/11/06 8:15 p.m. · 1 views

CVE-2025-34237

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...

6.3 CVSS · 0.00025 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-37215

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the ALSA subsystem related to USB audio handling. Specifically, UAC3 cluster segment descriptors require validation to ensure their sizes align with...

7.1 CVSS · 6.4 AI score · 0.00022 EPSS
Exploits: 0
Github Security Blog
added 2024/11/07 10:0 p.m. · 19 views

changedetection.io path traversal using file URI scheme without supplying hostname

Summary: The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. Details: The check used for URL protocol, is_safe_url, allows file: as ...

8.6 CVSS · 6.5 AI score · 0.00143 EPSS
Exploits: 0 · References: 7 · Affected Software: 1
Positive Technologies
added 2024/01/09 12:0 a.m. · 1 views

PT-2024-1017 · Microsoft · Windows Cryptographic Services +1

Name of the Vulnerable Software and Affected Versions: Windows Cryptographic Services (affected versions not specified). Description: The issue is related to insufficient input validation in the Cryptographic Services of Windows operating systems. This can allow an attacker to execute arbitrary code...

7.8 CVSS · 9.5 AI score · 0.00254 EPSS
Exploits: 0 · References: 12
Cvelist
added 2023/06/26 12:0 a.m. · 15 views

CVE-2023-33404

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code...

9.8 AI score · 0.82007 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2022/08/29 12:0 a.m. · 1 views

PT-2022-24489 · Patlite · Patlite Nh-Fb

Name of the Vulnerable Software and Affected Versions: Patlite NH-FB versions 1.46 and below. Description: The issue is related to insufficient firmware validation during the upgrade firmware file upload process. This allows authenticated attackers to create and upload their own custom-built...

8.8 CVSS · 6.8 AI score · 0.00265 EPSS
Exploits: 0 · References: 10
Prion
added 2018/06/07 9:29 p.m. · 13 views

Cross site scripting

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...

3.5 CVSS · 5.4 AI score · 0.00235 EPSS
Exploits: 0 · References: 3 · Affected Software: 1