Browse and filter security vulnerabilities across ecosystems
Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC
BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization
BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization
BerriAI litellm M2M JWT user_api_key_auth.py improper authorization
BerriAI litellm Admin Key key_management_endpoints.py improper authorization
Capgo - Policy Enforcement Bypass in Webhook Management Endpoints via Non-Expiring API Keys
Liquidfiles versions before 4
DevGuard has improper authorization on public assets
Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)
Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission
Cisco Identity Services Engine Information Disclosure Vulnerability
hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization
ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization
Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme
Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme
Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
Frappe: IDOR in `submit_discussion()`
Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
SpiceDB: Caveat structures with nested lists can result in improper cache reuse