7 matches found

Veracode
added 3 days ago, 7 views

Cross-Site Scripting (XSS)

Vitest is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the otelCarrier query parameter being inserted directly into an inline module script and treated as JavaScript source rather than data, which allows an attacker to craft a malicious browser-runner URL and execute...

AI score 5.6, EPSS 0.0005
Exploits 0, References 4, Affected Software 2
Vulnrichment
added 2026/04/20 12:30 a.m., 2 views

CVE-2026-6589 ComfyUI server.py create_origin_only_middleware cross-site request forgery

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...

CVSS 5.3, AI score 5.1, EPSS 0.00158
Exploits 0, References 4
OSV
added 2026/01/26 2:36 p.m., 5 views

BIT-ARGO-WORKFLOWS-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo...

CVSS 7.3, AI score 6.1, EPSS 0.00245
Exploits 1, References 6
OSV
added 2026/01/21 10:00 p.m., 6 views

GHSA-CV78-6M8Q-PH82 Argo Workflows affected by stored XSS in the artifact directory listing

Summary: Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user's browser under the Argo Server origin, enabling API actions with the victim's privileges. Details: The directory listing response in server/artifacts/artifact_server.go...

CVSS 7.3, AI score 5.8, EPSS 0.00245
Exploits 1, References 7
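The Vitest entry above (a query parameter spliced into an inline module script as JavaScript source) and the two Argo Workflows entries (file names rendered into an HTML directory listing) are the same defect in two output contexts: untrusted data emitted without encoding for the context it lands in. The following is an added JavaScript illustration of both contexts, vulnerable form beside the hardened one. It is not code from Vitest or Argo Workflows; only the parameter name otelCarrier comes from the advisory text, and the run() call, function names and listing markup are assumptions made for the example.

```javascript
// Added illustration, not Vitest's or Argo Workflows' code. Only the
// parameter name "otelCarrier" comes from the advisory text; run() and the
// listing markup are assumptions for the example.

// --- Context 1: a value that must become JavaScript *data* inside an inline
// <script type="module">. Splicing it in as source text lets an attacker close
// the string literal and run code, or close the whole <script> element.
function renderInlineScriptVulnerable(otelCarrier) {
  return `<script type="module">\n` +
    `  const carrier = "${otelCarrier}";\n` +
    `  run(carrier);\n` +
    `</script>`;
}

// Encode as a JSON literal (quotes, backslashes and control characters are
// handled), then additionally escape "<" so the HTML parser can never see a
// "</script" or "<!--" sequence inside the element, and U+2028/U+2029, which
// older JavaScript engines treat as line terminators.
function toJsLiteral(value) {
  return JSON.stringify(value).replace(/[<\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderInlineScriptSafe(otelCarrier) {
  return `<script type="module">\n` +
    `  const carrier = ${toJsLiteral(otelCarrier)};\n` +
    `  run(carrier);\n` +
    `</script>`;
}

// --- Context 2: a file name rendered into HTML text and an href attribute,
// as in a directory listing. Interpolating the raw name is stored XSS for
// anyone who can choose the name (e.g. a workflow author uploading artifacts).
function renderListingVulnerable(names) {
  return '<ul>' + names.map((n) => `<li><a href="${n}">${n}</a></li>`).join('') + '</ul>';
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Text nodes and attribute values get HTML entity encoding; the href gets
// percent-encoding first, so a name such as "javascript:alert(1)" becomes a
// relative path segment rather than a URL scheme.
function renderListingSafe(names) {
  return '<ul>' + names.map((n) =>
    `<li><a href="${escapeHtml(encodeURIComponent(n))}">${escapeHtml(n)}</a></li>`
  ).join('') + '</ul>';
}

// Count "</script>" occurrences: a correct render has exactly one, the real
// closing tag, whatever the input.
function countScriptClosers(html) {
  return html.split('</script>').length - 1;
}
```

The point of toJsLiteral is that JSON encoding alone is not enough inside a script element: the HTML tokenizer runs before the JavaScript parser, so a literal "</script>" inside a JSON string still terminates the element. Escaping "<" closes that gap.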
CVE
added 2025/11/13 5:32 p.m., 10 views

CVE-2025-59480

Mattermost Mobile Apps (Android/iOS) versions up to and including 2.32.0 are affected by an insufficient verification of SSO redirect tokens. The root cause is failure to verify that SSO tokens originate from a trusted server, enabling a malicious Mattermost instance or an on-path attacker to obt...

CVSS 6.5, AI score 6.4, EPSS 0.00123
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/11/13 5:32 p.m., 8 views

CVE-2025-59480 Inadequate validation of SSO redirect credentials permits credential theft

Mattermost Mobile Apps versions <= 2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...

CVSS 6.1, EPSS 0.00123
Exploits 0, References 1
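Both CVE-2025-59480 entries describe the same missing check: the client accepts a session credential from a redirect URL without confirming that the redirect came from the server it was configured to talk to. The following is an added JavaScript illustration of that check, not Mattermost's code; the callback path, the "token" query parameter name and the trusted server URL are assumptions for the example. It also shows why a string-prefix comparison is not an adequate substitute for an origin comparison.

```javascript
// Added example, not Mattermost's code. Assumptions: the SSO flow ends with
// the app receiving a redirect URL, and the credential travels as a "token"
// query parameter on it.

// What the advisory describes: whichever server answered the SSO redirect,
// its token is taken at face value.
function extractSsoTokenVulnerable(redirectUrl) {
  return new URL(redirectUrl).searchParams.get('token');
}

// A common but insufficient fix: string prefix matching. It accepts
// "https://chat.example.com.evil.net/..." and "https://chat.example.com@evil.net/..."
// because both start with the trusted base URL.
function trustedByPrefix(redirectUrl, trustedServerUrl) {
  return redirectUrl.startsWith(trustedServerUrl);
}

// The check the advisory calls for: parse both URLs, require TLS (an on-path
// attacker can only substitute a plaintext response), and compare the full
// origin (scheme + host + port) exactly before touching the token.
function extractSsoToken(redirectUrl, trustedServerUrl) {
  let redirect, trusted;
  try {
    redirect = new URL(redirectUrl);
    trusted = new URL(trustedServerUrl);
  } catch {
    return { ok: false, reason: 'malformed-url' };
  }
  if (redirect.protocol !== 'https:') return { ok: false, reason: 'not-https' };
  if (redirect.origin !== trusted.origin) return { ok: false, reason: 'origin-mismatch' };
  const token = redirect.searchParams.get('token');
  if (!token) return { ok: false, reason: 'no-token' };
  return { ok: true, token };
}
```

The origin comparison covers the look-alike host, the userinfo trick ("trusted-host@evil.net", which the URL parser assigns to the username, not the host) and a non-default port on the real host; none of those survive a comparison of parsed origins, while all of them pass a prefix check.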
Hacker One
added 2019/03/10 8:15 p.m., 1949 views

Chaturbate: DoS attacks utilizing camo.stream.highwebmedia.com

DoS attacks utilizing camo.stream.highwebmedia.com. Summary: The asset proxy at camo.stream.highwebmedia.com, used to embed external images linked by users, fails to enforce 1. a timeout on slow responses, if a little data is sent every 10 seconds (a kind of "reverse-slowloris" attack); 2. a size limit o...

AI score 7.1
Exploits 0
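The report above names two missing controls on an image proxy: no total time budget, so an upstream that trickles a byte every few seconds stays under any idle timeout indefinitely, and no cap on the size of the proxied body. The following is an added JavaScript illustration of how a proxy should enforce both while reading an upstream response; it is not the camo code, and the policy values and simulated upstreams are constructed for the example. The decision logic is kept as a small state machine driven by caller-supplied timestamps so it can be exercised without network I/O and wired to real timers in the same way.

```javascript
// Added example, not the camo proxy's code. Policy numbers and the simulated
// upstream streams below are constructed for illustration.

// Decides, chunk by chunk, whether a proxied upstream body may continue.
// Times are absolute milliseconds supplied by the caller so the logic can be
// driven by real timers or by a simulation.
class BoundedBodyReader {
  constructor({ maxBytes, totalDeadlineMs, idleTimeoutMs }, startedAtMs) {
    this.maxBytes = maxBytes;               // cap on bytes actually received;
                                            // Content-Length is advisory and may lie
    this.totalDeadlineMs = totalDeadlineMs; // budget from the first byte: the control
                                            // a "reverse slowloris" drip cannot evade
    this.idleTimeoutMs = idleTimeoutMs;     // max gap between chunks; necessary, not sufficient
    this.startedAt = startedAtMs;
    this.lastActivityAt = startedAtMs;
    this.bytes = 0;
  }

  // Call from a periodic timer when no data has arrived.
  poll(nowMs) {
    if (nowMs - this.startedAt > this.totalDeadlineMs) return 'total-deadline';
    if (nowMs - this.lastActivityAt > this.idleTimeoutMs) return 'idle-timeout';
    return 'ok';
  }

  // Call for every chunk. Returns 'ok' to keep reading, otherwise the reason
  // the upstream connection must be aborted.
  onChunk(chunkBytes, nowMs) {
    const timing = this.poll(nowMs);
    if (timing !== 'ok') return timing;
    if (this.bytes + chunkBytes > this.maxBytes) return 'too-large';
    this.bytes += chunkBytes;
    this.lastActivityAt = nowMs;
    return 'ok';
  }
}

// Drive the reader over a constructed upstream: an array of {at, bytes}
// events in arrival order. Returns the first rejection, or 'complete'.
function proxyUpstream(policy, events) {
  const reader = new BoundedBodyReader(policy, 0);
  for (const ev of events) {
    const verdict = reader.onChunk(ev.bytes, ev.at);
    if (verdict !== 'ok') {
      return { verdict, atMs: ev.at, bytesAccepted: reader.bytes };
    }
  }
  const last = events.length ? events[events.length - 1].at : 0;
  return { verdict: 'complete', atMs: last, bytesAccepted: reader.bytes };
}

// Constructed attacker behaviours matching the two findings in the report.
// 1) Reverse slowloris: one byte every `intervalMs`, for a long time.
function dripUpstream(intervalMs, count) {
  return Array.from({ length: count }, (_, i) => ({ at: (i + 1) * intervalMs, bytes: 1 }));
}
// 2) Oversized body: large chunks delivered at line rate.
function floodUpstream(chunkBytes, count) {
  return Array.from({ length: count }, (_, i) => ({ at: 1 + i, bytes: chunkBytes }));
}

const MiB = 1024 * 1024;
// Idle timeout only: a common default that the 10-second drip satisfies forever.
const IDLE_ONLY = { maxBytes: Infinity, totalDeadlineMs: Infinity, idleTimeoutMs: 30000 };
// All three controls together (values are arbitrary for the example).
const HARDENED = { maxBytes: 5 * MiB, totalDeadlineMs: 60000, idleTimeoutMs: 30000 };
```

Under IDLE_ONLY the 10-second drip is never rejected, which is the report's first finding; under HARDENED the same stream is cut at the first chunk after the 60-second budget, and a flood of 1 MiB chunks is cut as soon as the next chunk would exceed the byte cap, before it is buffered.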