Browse and filter security vulnerabilities across ecosystems
Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS
SP1 V6 Recursion Circuit Row-Count Binding Gap
OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header
WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticit...
fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)
Electron: Service worker can spoof executeJavaScript IPC replies
nimiq/core-rs-albatross: Macro block proposal interlink bug
OpenFGA has an Authorization Bypass through cached keys
PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification
janmojzis tinyssh Ed25519 Signature crypto_sign_ed25519_tinyssh.c signature verification
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
barebox: FIT Signature Verification Bypass Vulnerability
OneUptime: WhatsApp Webhook Missing Signature Verification
Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification
OpenClaw < 2026.2.21 - Client IP Spoofing via X-Forwarded-For Header Parsing
Showing 1 - 20 of 1,000+ results