
4494 matches found

Positive Technologies
added 2026/05/26 12:00 a.m. · 12 views

PT-2026-43239

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...

CVSS 5.3 · AI score 5.8 · EPSS 0.02607
Exploits: 0 · References: 2
CNNVD
added 2026/05/26 12:00 a.m. · 7 views

mistune cross-site scripting vulnerability

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune 3.2.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderfigure function in src/mistune/directives/image.py, which directly concatenated the...

CVSS 6.1 · AI score 5.7 · EPSS 0.00198
Exploits: 0 · References: 1
Amazon
added 2026/05/26 12:00 a.m. · 12 views

Important: containerd

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

CVSS 7.5 · AI score 7.5 · EPSS 0.00577
Exploits: 0
NVD
added 2026/05/25 3:16 p.m. · 10 views

CVE-2026-47077

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

CVSS 8.2 · EPSS 0.0067
Exploits: 1 · References: 4
EUVD
added 2026/05/25 2:00 p.m. · 7 views

EUVD-2026-31688

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

CVSS 8.2 · AI score 5.9 · EPSS 0.0067
Exploits: 1 · References: 4
ATTACKERKB
added 2026/05/25 7:38 a.m. · 7 views

CVE-2026-45249

A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...

AI score 5.8 · EPSS 0.00968
Exploits: 0 · References: 5
Positive Technologies
added 2026/05/25 12:00 a.m. · 14 views

PT-2026-42998

A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVSS 7.5 · AI score 6.3 · EPSS 0.00309
Exploits: 0 · References: 6
GithubExploit
added 2026/05/24 1:13 p.m. · 61 views

sql-injection

sql-injection python tool that...

AI score 5.9
Exploits: 0
CheckPoint Security
added 2026/05/23 12:00 a.m. · 26 views

CVE-2026-48135 - HTTP service can incorrectly process malformed HTTP requests

Cause An input-handling issue in the HTTP request processing path. Symptoms - A Check Point HTTP-based service, such as Mobile Access Portal or Identity Awareness Portals except for Captive Portal, can incorrectly handle malformed HTTP requests. Gaia Portal is not affected by this issue. - The...

CVSS 5.3 · AI score 5.6 · EPSS 0.02607
Exploits: 0
UbuntuCve
added 2026/05/22 11:16 p.m. · 8 views

CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

CVSS 5.3 · AI score 5.6 · EPSS 0.00521
Exploits: 0 · References: 4
EUVD
added 2026/05/22 10:34 p.m. · 9 views

EUVD-2026-31520

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

CVSS 5.3 · AI score 5.6 · EPSS 0.00521
Exploits: 0 · References: 3
ATTACKERKB
added 2026/05/22 10:34 p.m. · 10 views

CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

CVSS 5.3 · AI score 5.8 · EPSS 0.00521
Exploits: 0 · References: 4 · Affected Software: 1
EUVD
added 2026/05/22 7:32 p.m. · 8 views

EUVD-2026-31494

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

CVSS 6.9 · AI score 5.3 · EPSS 0.00525
Exploits: 0 · References: 3
Snyk
added 2026/05/22 5:42 p.m. · 5 views

Cross-site Scripting (XSS)

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the inBodyEndTagOther function, when rendering sanitized HTML. An attacker can cause the execution of scripts in the...

CVSS 6.1 · AI score 5.7 · EPSS 0.00249
Exploits: 0 · References: 2
NVD
added 2026/05/22 4:16 p.m. · 3 views

CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1 · EPSS 0.00236
Exploits: 0 · References: 4
UbuntuCve
added 2026/05/22 4:16 p.m. · 5 views

CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1 · AI score 6 · EPSS 0.00236
Exploits: 0 · References: 6
UbuntuCve
added 2026/05/22 4:16 p.m. · 8 views

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

CVSS 6.5 · AI score 5.9 · EPSS 0.0034
Exploits: 0 · References: 6
UbuntuCve
added 2026/05/22 4:16 p.m. · 4 views

CVE-2026-42506

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1 · AI score 6 · EPSS 0.00249
Exploits: 0 · References: 6
Debian CVE
added 2026/05/22 3:1 p.m. · 4 views

CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1 · AI score 6 · EPSS 0.00236
Exploits: 0
Vulnrichment
added 2026/05/22 3:1 p.m. · 2 views

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

AI score 5.9 · EPSS 0.0034
Exploits: 0 · References: 4