Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2751 matches found

EUVD
EUVDadded 2026/06/02 9:11 a.m.11 views

EUVD-2026-33905

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

6.8CVSS6.7AI score0.00044EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/31 12:4 p.m.15 views

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS5.9AI score0.00033EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/30 12:0 a.m.8 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ‘genre’ parameter, which may allow unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0009EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/29 3:23 p.m.13 views

CVE-2026-10101 Assisted-service: assisted-service: infraenv status leaks referenced pull-secret contents to namespace view users

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS5.8AI score0.00031EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.7 views

PT-2026-45053

Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in mcp server/adapters/cli tools.py: "registers four file-handling tools by default, praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and...

9.6CVSS6AI score0.00147EPSS
Exploits1References3
Nuclei
Nucleiadded 2026/05/28 5:39 a.m.49 views

Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS7.7AI score0.94286EPSS
Exploits3References4
Tenable Nessus
Tenable Nessusadded 2026/05/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-44898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuple...

6.1CVSS6AI score0.00031EPSS
Exploits1References3
NVD
NVDadded 2026/05/26 9:16 p.m.8 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS0.00031EPSS
Exploits1References2
OSV
OSVadded 2026/05/26 9:16 p.m.4 views

DEBIAN-CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00031EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/05/26 9:16 p.m.5 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00031EPSS
Exploits1References3
OSV
OSVadded 2026/05/26 9:16 p.m.3 views

UBUNTU-CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00031EPSS
Exploits1References4
Debian CVE
Debian CVEadded 2026/05/26 8:41 p.m.6 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00031EPSS
Exploits1
EUVD
EUVDadded 2026/05/26 8:41 p.m.8 views

EUVD-2026-31995

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00031EPSS
Exploits1References2
CVE
CVEadded 2026/05/26 8:41 p.m.15 views

CVE-2026-44898

Mistune (Python Markdown parser) contains a TOC rendering flaw in render_toc_ul() prior to version 3.2.1: it inserts the heading ID (k) and text directly into an and the visible label without escaping, enabling an attacker to craft a heading whose text breaks out of the href context and injects ...

6.1CVSS5.9AI score0.00031EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/05/26 8:41 p.m.28 views

CVE-2026-44898 Mistune TOC Anchor Injection XSS

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS0.00031EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/05/26 8:41 p.m.6 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00031EPSS
Exploits1References3Affected Software1
Snyk
Snykadded 2026/05/26 6:40 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the debugMode process. An attacker can obtain sensitive server-side source code and file contents by provoking a runtime error in a served script. Remediation Upgrade github.com/xyproto/algernon/engine to versio...

8.7CVSS5.9AI score0.00042EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2026/05/26 6:16 p.m.10 views

CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

8.1CVSS5.9AI score0.00052EPSS
Exploits0References6
UbuntuCve
UbuntuCveadded 2026/05/26 4:16 p.m.8 views

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

9.8CVSS5.9AI score0.00527EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.8 views

PT-2026-43274

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniper plugin/fastnetmon juniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

6AI score0.00527EPSS
Exploits1References4
Rows per page
Query Builder