Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group,
HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachmen
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requ
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerability exists in the item attachment upload functionality. The application does no
HomeBox is a home inventory and organization system. Prior to 0.24.0, the authentication rate limiter (authRateLimiter) tracks failed attempts per client IP. It determines the client IP by reading, 1.
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. Se
A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as problematic. This issue affects some unknown processing of the component Header Handle
CVE-2024-51800
CRITICAL CVSS 9.8
Find Similar
Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.
A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of comp
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups en
A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as critical. This vulnerability affects unknown code of the component Listing Handle
A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is
A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The ma
A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build
A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The ma
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-ga
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1
CVE-2025-52665
CRITICAL CVSS 10.0
Find Similar
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication.
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build
Page 1+ Next →