Search Vulnerabilities

Netty's Default QUIC token handler accepts any client-supplied token

Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

electerm: Local code through electerm's single-instance socket

Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events

WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address

Anviz CrossChex Standard Improper Verification of Source of a Communication Channel

OpenClaw < 2026.3.22 - Arbitrary Code Execution via Unvalidated WebView JavascriptInterface

Authenticator Vulnerable to Authentication Flow Hijack

Easy Chat Server 3.1 Denial of Service via message Parameter

Cesanta Mongoose TCP Sequence Number net_builtin.c getpeer verification of source

Dell PowerProtect Data Manager, version(s) prior to 19

An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range

Improper validation of source IP addresses in OpenVPN version 2

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowin...

SillyTavern Web Interface Vulnerable to DNS Rebinding

A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent att...

Improper validation of payload elements

Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java

In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to ...