8 matches found

RedhatCVE
added yesterday, 4 views

CVE-2026-45231

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...

CVSS 6.1 | AI score 5.6 | EPSS 0.00039
Exploits: 0 | References: 1
EUVD
added 2026/05/18 6:40 p.m., 9 views

EUVD-2026-30792

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...

CVSS 6.1 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/18 12:0 a.m., 8 views

PT-2026-41718

Name of the Vulnerable Software and Affected Versions: DumbAssets versions 1.0 through 1.0.11. Description: A stored cross-site scripting issue exists in asset fields, specifically name, description, modelNumber, serialNumber, and tags. These fields are stored without server-side sanitization and...

CVSS 6.1 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 5
EUVD
added 2025/12/19 3:31 a.m., 3 views

EUVD-2025-204430

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site...

CVSS 6.4 | AI score 6.1 | EPSS 0.00076
Exploits: 1 | References: 7
NVD
added 2025/12/19 2:16 a.m., 4 views

CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site...

CVSS 6.4 | EPSS 0.00076
Exploits: 1 | References: 6
CNNVD
added 2025/12/19 12:0 a.m., 1 view

Mintlify security vulnerability

Mintlify is an AI-driven documentation platform from US-based Mintlify. A security vulnerability exists in versions of Mintlify prior to 2025-11-15, which stems from the subdomain parameter not being properly validated in the Static Asset API, which could lead to arbitrary web script or HTML...

CVSS 6.4 | AI score 6.4 | EPSS 0.00076
Exploits: 1 | References: 7
Vulnrichment
added 2025/12/19 12:0 a.m., 1 view

CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site...

CVSS 6.4 | AI score 6.2 | EPSS 0.00076
Exploits: 1 | References: 6
CNNVD
added 2025/01/19 12:0 a.m., 1 view

IBM Maximo MXAPIASSET API path traversal vulnerability

The IBM Maximo MXAPIASSET API is a remote asset monitoring application program interface from International Business Machines (IBM). A path traversal vulnerability exists in the IBM Maximo MXAPIASSET API version 7.6.1.3, which allows a remote attacker to view arbitrary files on th...

CVSS 7.5 | AI score 6.7 | EPSS 0.00074
Exploits: 0 | References: 2