7 matches found

Snyk
• added 2025/12/29 10:44 p.m. • 0 views

Deserialization of Untrusted Data

Overview: picklescan is a security scanner that detects Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the numpy.f2py.crackfortran.parameval function. An attacker can execute arbitrary code by crafting ...

CVSS 8.4 • AI score 7.7
Exploits 0 • References 3
RedhatCVE
• added 2025/05/14 3:27 p.m. • 14 views

CVE-2025-47274

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

CVSS 2.4 • AI score 7 • EPSS 0.00041
Exploits 0 • References 1
Snyk
• added 2025/05/12 3:40 p.m. • 2 views

Missing Encryption of Sensitive Data

Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...

CVSS 3.2 • AI score 7.1 • EPSS 0.00041
Exploits 0 • References 2
Snyk
• added 2025/05/12 3:40 p.m. • 1 view

Missing Encryption of Sensitive Data

Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...

CVSS 3.2 • AI score 7.1 • EPSS 0.00041
Exploits 0 • References 2
Vulnrichment
• added 2025/05/12 2:57 p.m. • 9 views

CVE-2025-47274 ToolHive stores secrets in the state store with no encryption

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

CVSS 2.4 • AI score 6.9 • EPSS 0.00041
Exploits 0 • References 3
Prion
• added 2024/03/14 10:53 p.m. • 34 views

Design/Logic Flaw

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...

AI score 6.8 • EPSS 0.00232
Exploits 1 • References 4 • Affected Software 1
CNVD
• added 2019/08/29 12:00 a.m. • 2 views

WordPress anycomment plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress anycomment plugin versions prior to 0.0.33. The...

CVSS 6.1 • AI score 6.3 • EPSS 0.0021
Exploits 0 • References 1