Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

428 matches found

Tenable Nessus
Tenable Nessusadded 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-44836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives ...

6.5CVSS5.9AI score0.00013EPSS
Exploits0References2
NVD
NVDadded last week7 views

CVE-2026-9818

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
RedhatCVE
RedhatCVEadded 2026/05/27 8:13 p.m.4 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/27 2:12 a.m.7 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.4CVSS5.8AI score0.00038EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/26 7:43 p.m.5 views

EUVD-2026-31972

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS5.9AI score0.00013EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 6:16 p.m.8 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS0.00033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/26 5:43 p.m.4 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/05/26 5:43 p.m.6 views

EUVD-2026-31943

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/26 5:43 p.m.23 views

CVE-2026-44669 Faction: Stored XSS in Assessment Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS0.00033EPSS
Exploits0References2
CVE
CVEadded 2026/05/26 5:43 p.m.12 views

CVE-2026-44669

CVE-2026-44669 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Before version 1.8.3, it is vulnerable to stored XSS in attachment filenames used in the assessment file preview flow. User-supplied filename values are persisted server-side and later rendered into HTML/a...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/26 5:42 p.m.5 views

EUVD-2026-31942

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/26 5:42 p.m.32 views

CVE-2026-44667 Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS0.00033EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.4 views

PT-2026-43347

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.6 views

PT-2026-43345

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00033EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/26 12:0 a.m.4 views

Faction 安全漏洞

Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of output encoding for attachment file names during the evaluation file preview...

8.7CVSS5.7AI score0.00033EPSS
Exploits0References2
CVE
CVEadded 2026/05/25 2:5 p.m.17 views

CVE-2026-9078

Firefox for iOS suffers a rendering issue in link-preview UI where specially crafted RTL and internationalized domain names could cause the displayed domain to visually reorder, making attacker-controlled sites appear as trusted origins. The vulnerability affects the RTL/IDN rendering surface wit...

5.4CVSS5.8AI score0.00038EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/25 2:5 p.m.4 views

CVE-2026-9078 Firefox iOS RTL Domain Rendering Issue in Link Preview

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.8AI score0.00038EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/25 2:5 p.m.4 views

EUVD-2026-31693

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.8AI score0.00038EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/05/25 2:5 p.m.10 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.4CVSS5.8AI score0.00038EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:5 p.m.4 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.8AI score0.00038EPSS
Exploits0References3
Rows per page
Query Builder