CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/09 11:48 p.m.•34 views

CVE-2026-41717 Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding

8.1CVSS0.00328EPSS

RedhatCVE•added 2026/06/05 7:47 p.m.•8 views

CVE-2026-6591

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

5.3CVSS5AI score0.00366EPSS

RedhatCVE•added 2026/05/18 7:59 p.m.•11 views

CVE-2026-8656

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM,...

NVD•added 2026/05/16 6:16 a.m.•16 views

CVE-2026-8656

6.1CVSS0.00191EPSS

Cvelist•added 2026/05/16 5:0 a.m.•50 views

CVE-2026-8656

6.1CVSS0.00191EPSS

EUVD•added 2026/05/16 5:0 a.m.•14 views

EUVD-2026-30671

ATTACKERKB•added 2026/05/16 5:0 a.m.•7 views

CVE-2026-8656

Vulnrichment•added 2026/05/16 5:0 a.m.•7 views

Exploits0References4

CVE-2026-8656

CVE•added 2026/05/16 5:0 a.m.•14 views

CVE-2026-8656

CVE-2026-8656 affects jsondiffpatch versions before 0.7.6. The vulnerability is Cross-site Scripting (XSS) via the annotated formatter caused by improper sanitization of JSON values and property names. When an application renders annotated formatter output in the DOM from untrusted JSON/object da...

Positive Technologies•added 2026/05/16 12:0 a.m.•14 views

PT-2026-41421

Name of the Vulnerable Software and Affected Versions jsondiffpatch versions prior to 0.7.6 Description Improper sanitization of JSON values and property names in the annotated formatter allows for Cross-site Scripting XSS. This occurs when an application compares untrusted JSON or object data an...

Packet Storm News•added 2026/05/13 12:0 a.m.•16 views

Exploits0References7

No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills

LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own declared safety rules. We call these specification violations: benign inputs cause a skill to breach...

5.9AI score

Exploits0

Snyk•added 2026/05/01 5:7 p.m.•10 views

Cross-site Scripting (XSS)

Overview jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compar...

6.1CVSS5.5AI score0.00191EPSS

Exploits0References2

Snyk•added 2026/05/01 5:7 p.m.•6 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an...

6.1CVSS5.5AI score0.00191EPSS

Exploits0References2

Github Security Blog•added 2026/04/24 8:42 p.m.•14 views

gitverify has improper tag signature verification

gitverify is still a prototype. Impact The bug is related to requireSignedTags which is on by default: an unsigned annotated tag would pass the verification. The commit pointed to by the tag would still have to be signed by a maintainer or a contributor. Patches Since the initial commit, fixed in...

5.3AI score

Exploits0References3Affected Software1

OSV•added 2026/04/24 8:42 p.m.•3 views

GHSA-H829-5CG7-6HFF gitverify has improper tag signature verification

5.3CVSS5.8AI score