Browse and filter security vulnerabilities across ecosystems
OneUptime ClickHouse SQL Injection via Aggregate Query Parameters
Locutus: RCE via unsanitized input in create_function()
Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL
Honeywell IQ4x BMS Controller Missing authentication for critical function
Tolgee has an XXE Injection in Translation Import
Parse Server: Account takeover via operator injection in authentication data identifier
Parse Server OAuth2 adapter shares mutable state across providers via singleton instance
Dataease: Redshift JDBC RCE Bypass
DataEase SQL Injection Vulnerability
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) ...
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server
Authenticated RCE via unsanitized compression_algorithm
CVE-2026-3060
CVE-2026-3059
Malicious code in json-specparse (npm)