Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin server-side request forge...
Plane's asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one authenticated user rea...
In Docmost versions 0.70.0 through 0.70.2, restricted child pages hidden from public share viewers could still leak through public share search res...
phpSysInfo versions 3.4.5 and below suffer from an IP Allowlist bypass vulnerability...
SMBGhost Scanner — CVE-2020-0796 SMBv3 vulnerability scanner SMBGhost. Detects vulnerable Windows hosts by sending a malformed SMBv3 negotiation pa...
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Peyara Remote Mouse 1.0.1. The application exposes a Sock...
CVE-2026-26980 — Ghost CMS Content API Blind SQL Injection. Affected: Ghost 3.24.0 – 6.19.0. Fixed in: Ghost 6.19.1. Auth required: None — Content API...
pocsmith: pocsmith generates modular Python proof-of-concept templates from alias flags or YAML profiles. Install: From GitHub with pipx: `pipx i...`
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to...
The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.