
7 matches found

NVD
added 2026/05/11 10:22 p.m., 7 views

CVE-2026-43889

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

CVSS 6.5, EPSS 0.00044
Exploits: 0, References: 1
CNNVD
added 2026/03/24 12:0 a.m., 4 views

WordPress plugin User Registration & Membership security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.4, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 4
Veracode
added 2025/12/13 6:48 a.m., 4 views

Improper Access Control

mantisbt/mantisbt is vulnerable to improper access control. The vulnerability is due to insufficient access-level checks, which allows an attacker to exploit the Copy From functionality to retrieve column configurations from private projects without authorization...

CVSS 5.3, AI score 5.8, EPSS 0.00045
Exploits: 1, References: 5, Affected Software: 1
Microsoft CVE
added 2022/12/09 8:0 a.m., 1 views

An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.

...

CVSS 8.1, AI score 7.1, EPSS 0.00565
Exploits: 0
ATTACKERKB
added 2022/04/25 4:16 p.m., 2 views

CVE-2021-4225

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated user, such as a subscriber, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...

CVSS 8.8, AI score 7.6, EPSS 0.01555
Exploits: 1, References: 3
OSV
added 2021/03/02 10:15 p.m., 1 views

CVE-2020-12527

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged-in user to shut down or reboot devices in his account without having corresponding permissions...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 2
OSV
added 2011/04/10 2:55 a.m., 1 views

DEBIAN-CVE-2011-1675

mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089...

CVSS 3.3, AI score 6.6, EPSS 0.00038
Exploits: 0, References: 1