Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CNNVD
CNNVDadded 2026/03/18 12:0 a.m.3 views

glances 安全漏洞

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of application-level host permission checks in REST/WebUI applications. This could lead to DNS redirection attacks,...

5.9CVSS5.8AI score0.00028EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2025/05/22 3:45 p.m.3 views

CVE-2020-17383

A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote...

10CVSS7.5AI score0.06292EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2025/03/22 1:21 p.m.6 views

CVE-2024-7040

In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the userid parameter, it is possible to view the chats of any administrator,...

4.9CVSS7.1AI score0.00323EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/03/22 12:34 p.m.10 views

CVE-2024-7043

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all...

8.8CVSS6.5AI score0.00188EPSS
Exploits1References1
OSV
OSVadded 2023/08/15 6:15 p.m.1 views

DEBIAN-CVE-2023-4362

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS8.5AI score0.22782EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2022/06/02 2:15 p.m.1 views

CVE-2022-29729

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page...

7.5CVSS5.9AI score0.00859EPSS
Exploits2References3
Metasploit
Metasploitadded 2019/07/11 6:10 p.m.62 views

Schneider Electric Pelco Endura NET55XX Encoder

This module exploits inadequate access controls within the webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions. This module requires Metasploit:...

9.8CVSS9.6AI score0.66933EPSS
Exploits4
Rows per page
Query Builder