Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 3 days ago6 views

CVE-2026-42998

A flaw was found in OpenStack Keystone. The application credential authentication plugin fails to verify if the user provided in an authentication request matches the owner of the application credential. This allows a remote attacker to authenticate with their own credentials while impersonating...

8.8CVSS5.8AI score0.00064EPSS
Exploits1References5
UbuntuCve
UbuntuCveadded 2026/05/29 12:0 a.m.6 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS5.8AI score0.00064EPSS
Exploits1References3
Veracode
Veracodeadded 2026/04/16 9:21 a.m.4 views

Cross-site Request Forgery

RedwoodSDK is vulnerable to Cross-site Request Forgery. The vulnerability is due to server functions exported from 'use server' files being invoked via GET requests, bypassing their intended HTTP method, where browsers send SameSite=Lax cookies on top-level GET requests and an attacker could...

8.1CVSS5.8AI score0.00006EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/09 5:46 p.m.2 views

CVE-2026-29023

Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. An attacker able to reach the router port can proxy requests through the Shannon instanc...

7.3CVSS5.7AI score0.00057EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2023/11/17 9:38 p.m.22 views

LibreNMS vulnerable to rate limiting bypass on login page

Summary Application is using two login methods and one of them is using GET request for authentication. There is no rate limiting security feature at GET request or backend is not validating that. PoC Go to /?username=admin&password=password&submit= Capture request in Burpsuite intruder and add...

7.5CVSS5.7AI score0.00008EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKBadded 2022/06/21 9:15 a.m.5 views

CVE-2022-23073

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting XSS, in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious javascript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS...

3.5CVSS5.8AI score0.00238EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2019/07/16 12:15 a.m.0 views

UBUNTU-CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS6.9AI score0.00141EPSS
Exploits0References3
Rows per page
Query Builder