Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

30541 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/12 10:2 p.m.2 views

CVE-2026-40902

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

7.5CVSS5.8AI score0.00055EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/05/12 8:21 p.m.7 views

CVE-2026-42451

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.7AI score0.00008EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/12 12:0 a.m.2 views

PhpSpreadsheet 安全漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the SpreadsheetML XML reader not verifying whether the...

7.5CVSS5.8AI score0.00055EPSS
Exploits1References1
OSV
OSVadded 2026/05/09 8:16 p.m.3 views

DEBIAN-CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

7.5CVSS5.7AI score0.00086EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/09 8:16 p.m.3 views

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

7.5CVSS5.7AI score0.00086EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/05/09 7:37 p.m.2 views

CVE-2026-42245 net-imap: Quadratic complexity when reading response literals

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

2.3CVSS5.7AI score0.00086EPSS
Exploits0References7
EUVD
EUVDadded 2026/05/09 7:37 p.m.4 views

EUVD-2026-28923

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

2.3CVSS5.7AI score0.00086EPSS
Exploits0References7
Cvelist
Cvelistadded 2026/05/09 7:37 p.m.28 views

CVE-2026-42245 net-imap: Quadratic complexity when reading response literals

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

2.3CVSS0.00086EPSS
Exploits0References7
OSV
OSVadded 2026/05/09 12:33 p.m.2 views

OESA-2026-2251 golang security update

. Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.CVE-2026-27140 tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing...

8.8CVSS6.3AI score0.00015EPSS
Exploits0References3
OSV
OSVadded 2026/05/09 12:33 p.m.1 views

OESA-2026-2248 golang security update

. Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.CVE-2026-27140 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a...

9.8CVSS6.6AI score0.00022EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/09 12:0 a.m.5 views

Net::IMAP 安全漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of ResponseReader, which had a quadratic time complexity when...

7.5CVSS5.8AI score0.00086EPSS
Exploits0References1
NVD
NVDadded 2026/05/08 11:16 p.m.6 views

CVE-2026-42451

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS0.00008EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/08 10:51 p.m.8 views

EUVD-2026-28861

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.7AI score0.00008EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/08 10:51 p.m.26 views

CVE-2026-42451 Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS0.00008EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/08 10:51 p.m.7 views

CVE-2026-42451 Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.7AI score0.00008EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/08 10:51 p.m.3 views

CVE-2026-42451

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.7AI score0.00008EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/05/08 3:16 p.m.2 views

UBUNTU-CVE-2026-43376

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using callrcu for oplockinfo ksmbd currently frees oplockinfo immediately using kfree, even though it is accessed under RCU read-side critical sections in places like opinfoget and procshowfiles. Sinc...

9.8CVSS5.7AI score0.0006EPSS
Exploits0References8
OSV
OSVadded 2026/05/08 5:46 a.m.2 views

BIT-JRE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS5.8AI score0.00165EPSS
Exploits3References7
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.4 views

PT-2026-38830

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS5.8AI score0.00165EPSS
Exploits3References8
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.6 views

PT-2026-39217

Name of the Vulnerable Software and Affected Versions Grimmory versions prior to 2.3.1 Description A stored cross-site scripting XSS issue in the browser-based EPUB reader allows an attacker to embed arbitrary JavaScript within a crafted EPUB file. When a user opens the affected book, the script...

6.3CVSS5.8AI score0.00008EPSS
Exploits0References4
Rows per page
Query Builder