Browse and filter security vulnerabilities across ecosystems
vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors
Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`
Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
Cap-go - OTP Bypass via Response Manipulation in Email Verification
Apache APISIX: Openid-connect plugin Identity Header Spoofing
Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription
Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening
Mastodon has a consent-check bypass in its remote Collections
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7
Netty has Insufficient Bailiwick Validation for NS Records
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
WPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook Endpoint
Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action
Shared Secret Quota Inflation
Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handling DoS/Tampering
authentik: SAML source does not validate Conditions, timing, or audience on assertions