Browse and filter security vulnerabilities across ecosystems
wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext
@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
shopware/commercial: `/api/_info/config` route exposes information about licenses
swag/platform-security: `/api/_info/config` route exposes information about licenses and active security fixes
Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI
OpenClaw File Existence tools.exec.safeBins information exposure
Parse Server has a protected fields bypass via LiveQuery subscription WHERE clause
Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise
Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise
Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.
Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
Windows Accessibility Infrastructure (ATBroker.exe) Information Disclosure Vulnerability
Windows Shell Link Processing Spoofing Vulnerability
Glances Exposes Unauthenticated Configuration Secrets
FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info
Shescape has possible misidentification of shell due to link chains
Caddy: vars_regexp double-expands user input, leaking env vars and files
mcp-memory-service: System Information Disclosure via Health Endpoint
UptimeFlare: Monitor config / Credentials in `workerConfig` exposed in client-side JavaScript bundle