7 matches found

Github Security Blog
added 2026/05/14 8:26 p.m., 8 views

Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)

Summary When setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may consider their system prompt confidential, so we consider this a security issue. Compare...

CVSS 4.3 | AI score 5.8 | EPSS 0.00026
Exploits: 1 | References: 4 | Affected Software: 1
Packet Storm News
added 2026/04/27 12:00 a.m., 6 views

Selenium Grid 4.11.0 Selenoid Backend Detection and Safe Session Validation Inspector

The provided Python script is a non-exploit reconnaissance and validation tool designed to identify Selenium Grid or Selenoid deployments exposed via HTTP APIs...

AI score 5.2
Exploits: 0
RedhatCVE
added 2026/03/26 3:03 p.m., 1 view

CVE-2026-30946

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior 9.5.2-alpha.2 and 8.6.15, an unauthenticated attacker can exhaust Parse Server resources CPU, memory, database connections through crafted queries that exploit the lack of complexity limi...

CVSS 8.7 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/12 12:00 a.m., 5 views

PT-2025-51902

Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.2 Safari versions prior to 26.2 Description A flaw exists due to improved URL validation. Specifically, on a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that...

CVSS 9.8 | AI score 6.2 | EPSS 0.0005
Exploits: 0 | References: 5
SUSE CVE
added 2025/11/09 12:23 a.m., 2 views

SUSE CVE-2025-62714

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

CVSS 8.7 | AI score 6.8 | EPSS 0.00682
Exploits: 0 | References: 2
Packet Storm
added 2025/07/02 12:00 a.m., 94 views

Microsoft SharePoint 2019 NTLM Authentication Information Disclosure

Microsoft SharePoint Central Administration improperly exposes NTLM-authenticated endpoints to low-privileged or even brute-forced domain accounts. Once authenticated, an attacker can access the api/web endpoint, disclosing rich metadata about the SharePoint site, including user group...

CVSS 8.8 | AI score 6.3 | EPSS 0.11459
Exploits: 2
OSV
added 2018/12/20 2:29 p.m., 0 views

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 3