Browse and filter security vulnerabilities across ecosystems
Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query loggin...
Improper authorization checks of team members' privileges allow a team member to escalate privileges to the team owner account
Incorrect privilege management and insufficient path filtering allow reading an arbitrary file on the server via the cpdavd attachment download endpo...
SSL verification is disabled in the DNS Cluster system
Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows an unauthenticated attacker to inject arbitrary...
hoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery Token
gitoxide: Symlink prefix-reuse allows worktree escape during checkout
CVAT: Stored XSS via annotation guides
SQLBot: Unauthorized Access Vulnerability
ERPNext: Possibility of SQL Injection due to missing validation
ERPNext: Possibility of SQL Injection due to missing validation
Incomplete fix for CVE-2026-35184: SQL Injection in phili67/ecclesiacrm
Python-Multipart: Denial of Service via unbounded multipart part headers
MISP: Improper access control in auth key reset allows privilege escalation to site administrator
CubeCart: Authenticated RCE via Invoice Template → Order Print
CubeCart: Pre-Authenticated Password Reset Link Poisoning via HTTP Host Header
CubeCart: Time-based Blind SQL Injection
Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
Quark Drive < 0.8.5 Mass Assignment via POST /update