PT-2026-29844
Name of the Vulnerable Software and Affected Versions Rack versions 3.0.0.beta1 through 3.1.20 and 3.2.0 through 3.2.5 Description The Rack web server interface is susceptible to a header parsing issue in Rack::Utils.forwarded_values. The component incorrectly parses the RFC 7239 Forwarded...
PT-2026-29921
Summary Rack::Utils.forwarded_values parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons, a header such as: Forwarded: for="127.0.0.1;host=evil.com;proto=https" can be interpreted by Rack a...
Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values
Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...
Rack - Forwarded Header semicolon injection enables Host and Scheme spoofing
Summary Rack::Utils.forwarded_values parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons, a header such as: Forwarded: for="127.0.0.1;host=evil.com;proto=https" can be interpreted by Rack as...
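The two Rack advisories above (a semicolon inside a quoted Forwarded value, and a CRLF left behind by multipart header unfolding) are one bug class: the header is split on a delimiter before the quoted-string and folding grammar is applied. The Ruby below is an added example, not Rack's own code and not a reproduction of its parser; it contrasts a naive splitter with a grammar-aware scanner, adds an RFC 5322 unfold step, and runs both over constructed header values. All function names and inputs are invented for the demo, and Rack::Utils.forwarded_values itself is not called.

```ruby
# Added example, not Rack's own code. The Forwarded semicolon issue and the
# multipart obs-fold issue are the same class of bug: the header is split on
# a delimiter (';' or CRLF) before the quoted-string / folding grammar is
# applied. A naive splitter sits beside a grammar-aware scanner for
# name=value pairs, plus an RFC 5322 unfold step. Function names and all
# header values are invented for the demo.
require "strscan"

TOKEN  = /[!\#$%&'*+\-.^_`|~0-9A-Za-z]+/   # RFC 7230 tchar, one or more
QUOTED = /"((?:[^"\\]|\\.)*)"/              # quoted-string incl. quoted-pair

# Naive parse: split on ';' then on '='. A ';' inside a quoted value is torn
# into extra pairs, so host=/proto= injected by a client look like pairs the
# proxy set.
def naive_pairs(text)
  text.split(";").each_with_object({}) do |pair, h|
    name, value = pair.strip.split("=", 2)
    h[name.downcase] = value.delete('"') if name && value
  end
end

# Grammar-aware parse over a StringScanner: a value is a token or a
# quoted-string, and ';' or ',' inside quotes is data. Stops (without
# consuming) at list_sep so a caller can handle comma-separated lists.
def scan_pairs(s, list_sep: nil)
  pairs = {}
  until s.eos?
    s.skip(/[ \t]*/)
    break if s.eos?
    break if list_sep && s.peek(1) == list_sep
    next if s.skip(/;/)
    name = s.scan(TOKEN) or raise ArgumentError, "bad name at #{s.pos}"
    s.skip(/=/) or raise ArgumentError, "missing '=' at #{s.pos}"
    value =
      if s.scan(QUOTED)
        s[1].gsub(/\\(.)/, '\1')           # unescape quoted-pair
      else
        s.scan(TOKEN) or raise ArgumentError, "bad value at #{s.pos}"
      end
    pairs[name.downcase] = value
  end
  pairs
end

# RFC 7239 Forwarded: comma-separated list of ';'-separated pairs.
def parse_forwarded(header)
  s = StringScanner.new(header)
  elements = []
  until s.eos?
    elements << scan_pairs(s, list_sep: ",")
    s.skip(/,/)
  end
  elements.reject(&:empty?)
end

# Content-Disposition value: "<type>; param=value; ..." (the type is a token,
# so splitting off the first ';' is safe).
def parse_disposition_params(field_value)
  _type, rest = field_value.split(";", 2)
  scan_pairs(StringScanner.new(rest.to_s))
end

# RFC 5322 2.2.3 unfolding: delete a CRLF that is immediately followed by
# WSP; the WSP itself stays.
def unfold(header_text)
  header_text.gsub(/\r\n(?=[ \t])/, "")
end

# Sketch of the failure mode the multipart advisory describes (not Rack's
# actual code): the continuation's leading WSP is dropped but the CRLF is
# kept, so it ends up inside the parsed value.
def unfold_keeping_crlf(header_text)
  header_text.gsub(/\r\n[ \t]+/, "\r\n")
end

def has_crlf?(value)
  value.match?(/[\r\n]/)
end

# Constructed inputs.
FORWARDED = 'for="127.0.0.1;host=evil.com;proto=https"'
CD_FIELD  = "form-data; name=\"upload\"; filename=\"report\r\n .txt\""

if __FILE__ == $PROGRAM_NAME
  p naive_pairs(FORWARDED)        # host/proto surface as separate pairs
  p parse_forwarded(FORWARDED)    # one element, one "for" pair
  p parse_disposition_params(unfold(CD_FIELD))
  p has_crlf?(parse_disposition_params(unfold_keeping_crlf(CD_FIELD))["filename"])
end
```

Run as a script it prints the four results. The contrast to take away: the grammar-aware parser never yields a host= or proto= pair from that Forwarded header, and the unfold step never leaves CR or LF inside a parameter value, so a downstream check like has_crlf? on name/filename is a cheap guard to keep regardless of which parser produced the value.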
EUVD-2026-17977
Open WebUI has Broken Access Control in Tool Valves...
EUVD-2026-17960
An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...
CVE-2026-34222
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool valves. This issue has been patched in version 0.8.11...
CVE-2026-30643
An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...
CVE-2026-34222
Affected product: Open WebUI, a self-hosted offline AI platform. Issue: broken access control in tool valves prior to version 0.8.11. Impact: potential exposure due to access control bypass; CVSS 3.1 base score 7.7 (HIGH) with Network attack vector, low privileges required, no user interaction, c...
EUVD-2026-17901
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
EUVD-2026-17816
The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing post URLs, including private posts, in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the escapeNodeAttributeValues process. An attacker can execute arbitrary operating system commands by crafting a malicious .sy.zip file containing specially formatted block attribute values, which, when...
PT-2026-29571
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool valves. This issue has been patched in version 0.8.11...
Sage DPW security vulnerability
Sage DPW is a human resources system developed by the British company Sage. Version Sage DPW 202506004 contains security vulnerabilities. These vulnerabilities stem from non-default configurations that allow unverified access to diagnostic endpoints, potentially exposing sensitive information suc...