CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Improper Input Validation via the HTML entity decoding logic in the client-side PDF export pipeline. An attacker can explo...

6.9CVSS6.8AI score

Exploits0References3

Tenable Nessus•added 2025/08/25 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2016-10531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it'...

6.1CVSS6.8AI score0.00289EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 8:10 a.m.•5 views

CVE-2024-54142

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...

9CVSS6.4AI score0.00354EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:39 a.m.•4 views

CVE-2023-26046

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...

6.5CVSS6.1AI score0.00644EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:8 p.m.•5 views

CVE-2021-38186

An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...

6.1CVSS5.7AI score0.00201EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:25 a.m.•6 views

CVE-2019-10010

Cross-site scripting XSS vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583...

6.1CVSS5.8AI score0.00326EPSS

Exploits2References1

OSV•added 2025/03/10 8:13 a.m.•7 views

BIT-DJANGO-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

7.5CVSS6.9AI score0.01038EPSS

Exploits0References5

OSV•added 2025/03/07 8:58 p.m.•2 views

BIT-MODSECURITY2-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...

7.9CVSS7.3AI score0.00274EPSS

Exploits1References3

BDU FSTEC•added 2025/03/03 12:0 a.m.•1 views

The vulnerability of the Libmodsecurity3 network firewall library for protecting web applications with ModSecurity allows attackers to circumvent existing security restrictions.

The vulnerability of the Libmodsecurity3 network firewall library for protecting web applications with ModSecurity is related to incorrect processing of HTML entities during decoding. Exploiting this vulnerability allows an attacker to bypass existing security restrictions by sending HTML entitie...

7.8CVSS7.5AI score0.00274EPSS

Exploits1References3Affected Software1