
6108 matches found

OSV
added 2026/05/14 8:29 p.m., 3 views

GHSA-9RMH-MM8F-R9H6 Svelte: ReDoS in `<svelte:element>` Tag Validation

An internal regex in the Svelte runtime can take exponential time to test in . You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe...

CVSS 5.9, AI score 5.8, EPSS 0.00421
Exploits 0, References 4
Github Security Blog
added 2026/05/14 8:29 p.m., 4 views

Svelte: ReDoS in `<svelte:element>` Tag Validation

An internal regex in the Svelte runtime can take exponential time to test in . You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe...

CVSS 7.5, AI score 5.8, EPSS 0.00421
Exploits 0, References 4, Affected Software 1
NVD
added 2026/05/14 8:17 p.m., 4 views

CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3, EPSS 0.00207
Exploits 0, References 2
UbuntuCve
added 2026/05/14 8:17 p.m., 5 views

CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3, AI score 5.8, EPSS 0.00207
Exploits 0, References 3
EUVD
added 2026/05/13 9:32 p.m., 6 views

EUVD-2025-209830

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross-site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...

AI score 5.7, EPSS 0.0014
Exploits 0, References 3
EUVD
added 2026/05/13 6:30 p.m., 10 views

EUVD-2026-30012

In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size (4 bytes). Use sizeof(*meas) to correctly match the buffer element type...

AI score 5.9, EPSS 0.00121
Exploits 0, References 8
NVD
added 2026/05/13 4:16 p.m., 12 views

CVE-2026-43476

In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size (4 bytes). Use sizeof(*meas) to correctly match the buffer element type...

CVSS 7.8, EPSS 0.00121
Exploits 0, References 7
CVE
added 2026/05/13 3:8 p.m., 17 views

CVE-2026-43476

CVE-2026-43476 affects the Linux kernel’s IIO sensor driver for SPS30 (iio: chemical: sps30_i2c). The root cause is a faulty buffer size calculation in sps30_i2c_read_meas() where sizeof(num) yields sizeof(size_t) (8 bytes on 64-bit) instead of the intended 4-byte __be32 element size; the fix use...

CVSS 7.8, AI score 5.9, EPSS 0.00121
Exploits 0, References 7
ATTACKERKB
added 2026/05/13 3:8 p.m., 3 views

CVE-2026-43476

In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size (4 bytes). Use sizeof(*meas) to correctly match the buffer element type...

AI score 5.9, EPSS 0.00121
Exploits 0, References 8, Affected Software 1
Cvelist
added 2026/05/13 3:8 p.m., 39 views

CVE-2026-43476 iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()

In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size (4 bytes). Use sizeof(*meas) to correctly match the buffer element type...

CVSS 7.8, EPSS 0.00121
Exploits 0, References 7
ATTACKERKB
added 2026/05/13 2:57 p.m., 5 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

CVSS 4.7, AI score 5.8, EPSS 0.0014
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/05/13 2:57 p.m., 7 views

CVE-2026-44455 Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

CVSS 4.7, AI score 5.8, EPSS 0.0014
Exploits 0, References 1
RedhatCVE
added 2026/05/13 2:21 p.m., 7 views

CVE-2026-6247

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4, AI score 6, EPSS 0.00187
Exploits 0, References 1
NVD
added 2026/05/12 6:17 p.m., 13 views

CVE-2026-42838

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network...

CVSS 5.4, EPSS 0.0024
Exploits 0, References 1
NVD
added 2026/05/12 9:16 a.m., 12 views

CVE-2026-6247

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4, EPSS 0.00187
Exploits 0, References 3
OSV
added 2026/05/12 8:50 a.m., 3 views

BIT-LIBPHP-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value>

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferencing a NULL pointer,...

CVSS 7.5, AI score 5.8, EPSS 0.0045
Exploits 0, References 2
ATTACKERKB
added 2026/05/12 7:48 a.m., 3 views

CVE-2026-6247

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4, AI score 6, EPSS 0.00187
Exploits 0, References 4
CVE
added 2026/05/12 7:48 a.m., 10 views

CVE-2026-6247

The CVE concerns the WordPress plugin scratchblocks for WP (versions up to 1.0.1). It is vulnerable to a Stored Cross-Site Scripting (XSS) flaw via the 'element' attribute of the scratchblocks shortcode. Exploitation requires authenticated access at Contributor level or higher, and an attacker c...

CVSS 6.4, AI score 6, EPSS 0.00187
Exploits 0, References 3
Vulnrichment
added 2026/05/12 7:48 a.m., 3 views

CVE-2026-6247 scratchblocks for WP <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4, AI score 6, EPSS 0.00187
Exploits 0, References 3
Cvelist
added 2026/05/12 7:48 a.m., 46 views

CVE-2026-6247 scratchblocks for WP <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4, EPSS 0.00187
Exploits 0, References 3