
175 matches found

Vulnrichment
added 2026/02/20 5:0 a.m., 2 views

CVE-2026-2739

This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString, divmod, and other methods to enter an infinite loop, hanging the process indefinitely...

CVSS 6.9, AI score 5.5, EPSS 0.00022
Exploits: 0, References: 6
CVE
added 2026/02/20 5:0 a.m., 13 views

CVE-2026-2739

CVE-2026-2739 affects bn.js versions before 5.2.3. Calling maskn(0) on any BN instance corrupts internal state, causing toString(), divmod(), and related methods to enter an infinite loop and hang the process. The Snyk/NVD/CVE listings confirm the impact and provide examples; the recommended reme...

CVSS 6.9, AI score 5.5, EPSS 0.00022
Exploits: 0, References: 6
Positive Technologies
added 2026/02/20 12:0 a.m., 3 views

PT-2026-20998

Name of the Vulnerable Software and Affected Versions: bn.js versions prior to 5.2.3. Description: The bn.js package is susceptible to a state corruption issue. Calling the maskn(0) function on any BN instance corrupts the internal state. This corruption causes methods like toString, divmod, and other...

CVSS 6.9, AI score 5.2, EPSS 0.00022
Exploits: 0, References: 17
OSV
added 2026/01/22 12:8 a.m., 3 views

OSV-2026-105 Use-of-uninitialized-value in pcpp::SSLServerHelloMessage::ServerHelloTLSFingerprint::toString

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476187680. Crash type: Use-of-uninitialized-value. Crash state: pcpp::SSLServerHelloMessage::ServerHelloTLSFingerprint::toString, pcpp::SSLServerHelloMessage::ServerHelloTLSFingerprint::toStringAndMD5...

AI score 5.4
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 11:21 a.m., 2 views

CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

CVSS 6.8, AI score 6.8, EPSS 0.00434
Exploits: 0, References: 1
GithubExploit
added 2025/12/12 9:54 p.m., 367 views

Exploit for CVE-2025-55183

React Server Components Security Lab CVE-2025-55183 & CVE-202...

CVSS 7.5, AI score 6.6, EPSS 0.41239
Exploits: 13
RedhatCVE
added 2025/11/14 9:50 a.m., 3 views

CVE-2025-59840

A cross-site scripting (XSS) vulnerability has been identified in the Vega visualization library when applications accept user-supplied Vega specifications and expose Vega objects on the global browser window. An attacker can craft a malicious Vega specification that triggers hidden JavaScript...

CVSS 8.1, AI score 5.6, EPSS 0.00034
Exploits: 0, References: 4
OSV
added 2025/11/13 10:32 p.m., 4 views

GHSA-7F2V-3QQ3-VVJF Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable

Impact: Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches vega library and a vega.View instance similar to the Vega Editor to the global window. 2. Allow user-defined...

CVSS 8.1, AI score 6.8, EPSS 0.00034
Exploits: 0, References: 7
Github Security Blog
added 2025/11/13 10:32 p.m., 9 views

Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable

Impact: Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches vega library and a vega.View instance similar to the Vega Editor to the global window. 2. Allow user-defined...

CVSS 8.1, AI score 6.9, EPSS 0.00034
Exploits: 0, References: 7, Affected Software: 3
Snyk
added 2025/11/13 8:43 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...

CVSS 8.1, AI score 5.5, EPSS 0.00034
Exploits: 0, References: 2
Snyk
added 2025/11/13 8:43 p.m., 2 views

Cross-site Scripting (XSS)

Overview: vega-expression is a Vega expression parser and code generator. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

CVSS 8.1, AI score 5.6, EPSS 0.00034
Exploits: 0, References: 2
Snyk
added 2025/11/13 8:43 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...

CVSS 8.1, AI score 5.5, EPSS 0.00034
Exploits: 0, References: 2
Snyk
added 2025/11/13 8:43 p.m., 2 views

Cross-site Scripting (XSS)

Overview: vega-interpreter is a CSP-compliant interpreter for Vega expressions. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code b...

CVSS 8.1, AI score 5.5, EPSS 0.00034
Exploits: 0, References: 2
Snyk
added 2025/11/13 8:43 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...

CVSS 8.1, AI score 5.4, EPSS 0.00034
Exploits: 0, References: 2
CVE
added 2025/11/13 7:54 p.m., 12 views

CVE-2025-59840

CVE-2025-59840 (Vega XSS): The vulnerability affects Vega prior to 6.2.0 where an application that attaches the Vega library and a global vega.View instance to window and allows user-defined Vega JSON can be exploited to execute arbitrary JavaScript, even with safe mode expressionInterpreter. Th...

CVSS 8.1, AI score 6.6, EPSS 0.00034
Exploits: 0, References: 1
Vulnrichment
added 2025/11/13 7:54 p.m., 2 views

CVE-2025-59840 Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVSS 8.1, AI score 6.6, EPSS 0.00034
Exploits: 0, References: 1
OSV
added 2025/11/13 7:54 p.m., 2 views

CVE-2025-59840 Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVSS 8.1, AI score 7, EPSS 0.00034
Exploits: 0, References: 3
Cvelist
added 2025/11/13 7:54 p.m., 14 views

CVE-2025-59840 Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVSS 8.1, EPSS 0.00034
Exploits: 0, References: 1
OSV
added 2025/10/26 12:13 a.m., 3 views

OSV-2025-858 Use-of-uninitialized-value in pcpp::byteArrayToHexString

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=454944849. Crash type: Use-of-uninitialized-value. Crash state: pcpp::byteArrayToHexString, pcpp::PacketTrailerLayer::toString, FuzzTarget.cpp...

AI score 6.9
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-2489

Malware in sbrugna...

CVSS 6.8, AI score 6.4, EPSS 0.00571
Exploits: 0, References: 4