Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Snyk
Snykadded 2026/05/22 5:42 p.m.6 views

Inefficient Algorithmic Complexity

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...

6.5CVSS5.8AI score0.00061EPSS
Exploits0References3
OSV
OSVadded 2026/04/22 5:31 p.m.2 views

GHSA-V9JR-RG53-9PGP DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback

Summary DOMPurify versions 3.0.1 through 3.3.3 latest are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration no CUSTOMELEMENTHANDLING option, a prior prototype pollution gadget can inject permissive tagNameCheck and...

6.9CVSS6AI score0.00039EPSS
Exploits0References4
Snyk
Snykadded 2026/04/03 3:46 a.m.4 views

Permissive List of Allowed Inputs

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the ADDATTR predicate function via EXTRAELEMENTHANDLING.attributeCheck. An attacker can inject and execute malicious scripts in the DOM...

6.1CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/01/23 12:0 a.m.2 views

PT-2025-5646 · Asteval · Asteval

Name of the Vulnerable Software and Affected Versions: asteval affected versions not specified Description: The issue arises from how asteval performs attribute access verification, specifically in the on attribute node handler. This handler prevents access to attributes that are either present i...

8.4CVSS6.8AI score
Exploits0References4
CNNVD
CNNVDadded 2022/05/05 12:0 a.m.1 views

HUAWEI HarmonyOS 安全漏洞

HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS AI business component, which stems from hiaiserver not doing strict legitimacy...

7.5CVSS7.3AI score0.00191EPSS
Exploits0References4
CNVD
CNVDadded 2016/03/16 12:0 a.m.1 views

Apache Struts2 Remote Code Execution Vulnerability

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source framework for creating enterprise-class Java Web applications. A security vulnerability exists in Apache Struts versions 2.0.0 through 2.3.24.1, which stems from the program performi...

9CVSS9.1AI score0.13414EPSS
Exploits0References1
OSV
OSVadded 2014/11/11 7:39 p.m.0 views

USN-2408-1 neutron vulnerability

Elena Ezhova discovered that OpenStack Neutron did not properly perform access control checks for attributes. A remote authenticated attacker could exploit this to bypass intended access controls and reset admin-only attributes to default values...

4CVSS5.8AI score0.00573EPSS
Exploits0References2
Rows per page
Query Builder