Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
Context Blog <= 1.3.5 - Unauthenticated Sensitive Information Exposure via 'postID' Parameter
Cost Calculator Builder <= 4.0.11 - Unauthenticated Sensitive Information Exposure of Payment Gateway Secret Keys
Mux Video Uploader <= 1.1.4 - Authenticated (Subscriber+) Information Exposure
Members <= 3.2.22 - Unauthenticated Sensitive Information Disclosure via REST API Pagination Side Channel
Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server
Nezha Monitoring: DDNS and Notification credential exposure via unredacted list API
Grist: Insufficient access control in the /forms endpoint exposes table metadata
RabbitMQ: Unauthenticated disclosure of OAuth client credentials via an HTTP API endpoint with certain less common OAuth 2 configurations
Deloitte AI Assist for Customer information disclosure
Apprise forwards configured auth headers across cross-origin HTTP redirects
9router: Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database Takeover
phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints
zhayujie CowAgent Browser Tool browser_tool.py BrowserTool._do_navigate information disclosure
Discourse: Private event sample invitees are serialized to non-invited event viewers
Discourse: Hidden post revisions leak through adjacent visible diffs
Discourse: Secure uploads exposed by hotlinked image copying
Discourse: Hidden tag names leaked via category serializers
Hoppscotch: Insecure Default Configuration Allows Public Exposure of Private Collection Data via Mock Server
Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive credentials
Open WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event-caller session_id
Showing 1 - 20 of 1,000+ results