Browse and filter security vulnerabilities across ecosystems
Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context
Cacti: Path Traversal via filename parameter in package_import.php
Cacti has a Reflected XSS Vulnerability via html_auth_footer
Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter
ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability
ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability
Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist
Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control
chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory
chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots
SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon
Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation
Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images
motionEye: World-Readable Configuration File Exposes Admin Password Hash
Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body
Kubevirt: virt-handler-rhel9: kubevirt: safepath openatnofollow symlink following via /proc/self/fd allows host file metadata modification
Gogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES
motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Gogs: DOM-based XSS via Milestone Name on New Issue Page