
5531 matches found

NVD
added yesterday, 4 views

CVE-2026-52846

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2 CVSS, 0.0003 EPSS
Exploits: 0, References: 1
RedHat Linux
added yesterday, 4 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9 CVSS, 5.9 AI score, 0.00388 EPSS
Exploits: 0, References: 5
Nuclei
added yesterday, 77 views

ServiceNow - Cross-site Scripting

An XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

6.1 CVSS, 6.4 AI score, 0.01089 EPSS
Exploits: 0, References: 4
NVD
added 2 days ago, 6 views

CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3 CVSS, 0.00318 EPSS
Exploits: 0, References: 3
NVD
added 2 days ago, 6 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3 CVSS, 0.00336 EPSS
Exploits: 0, References: 3
NVD
added 2 days ago, 6 views

CVE-2026-52725

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

5.3 CVSS, 0.00404 EPSS
Exploits: 0, References: 3
NVD
added 2 days ago, 6 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...

5.3 CVSS, 0.00201 EPSS
Exploits: 0, References: 1
EUVD
added 2 days ago, 5 views

EUVD-2026-38268

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3 CVSS, 5.8 AI score, 0.00318 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2 days ago, 3 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3 CVSS, 5.8 AI score, 0.00336 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2 days ago, 28 views

CVE-2023-33854 Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...

5.3 CVSS, 0.00201 EPSS
Exploits: 0, References: 1
CVE
added 2 days ago, 6 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...

5.3 CVSS, 5.9 AI score, 0.00201 EPSS
Exploits: 0, References: 1
NVD
added 6 days ago, 10 views

CVE-2026-55237

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting (XSS) vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter next, which is...

8.8 CVSS, 0.00189 EPSS
Exploits: 0, References: 1
OSV
added 2026/06/16 1:47 p.m., 4 views

GHSA-C9CV-MQ2M-PPP3 Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

Summary: Three weaknesses in Nuxt's client-navigation URL handling, all reachable from documented public APIs navigateTo and reloadNuxtApp: 1. SSR open redirect in navigateTo via path-normalisation bypass. navigateTo decided whether a target was external by inspecting the raw input with...

5.1 CVSS, 5.6 AI score, 0.00197 EPSS
Exploits: 0, References: 10
Positive Technologies
added 2026/06/16 12:0 a.m., 10 views

PT-2026-50162

Name of the Vulnerable Software and Affected Versions: Caddy versions prior to 2.11.4. Description: The stripHTML template function, specifically within the funcStripHTML function, fails to reliably remove all HTML tags from input strings. Malformed HTML can bypass the tag-stripping logic, which may...

4.2 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0, References: 4
OSV
added 2026/06/15 5:24 p.m., 4 views

GHSA-48R7-HPM6-GFXM @angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

A Denial of Service (DoS) vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...

8.2 CVSS, 5.5 AI score, 0.00318 EPSS
Exploits: 0, References: 4
OSV
added 2026/06/15 4:52 p.m., 2 views

GHSA-P3VC-36G9-X9GR @angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

A Denial of Service (DoS) vulnerability exists in the @angular/common package of Angular. The formatNumber function, which is also utilized by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. Specifically, the minimum and maximum...

8.2 CVSS, 5.5 AI score, 0.00292 EPSS
Exploits: 0, References: 3
NVD
added 2026/06/15 8:16 a.m., 10 views

CVE-2026-9278

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.4 CVSS, 0.00159 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/06/15 6:0 a.m., 36 views

CVE-2026-9278 Form Builder CP < 1.2.47 - Editor+ Stored XSS via form_structure

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

0.00159 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/06/15 12:0 a.m., 13 views

PT-2026-49583

Name of the Vulnerable Software and Affected Versions: Angular versions prior to 22.0.1; Angular versions prior to 21.2.17; Angular versions prior to 20.3.25. Description: A Denial of Service (DoS) issue exists in the @angular/common package. The formatDate function, also used by the standard DatePipe,...

8.2 CVSS, 5.9 AI score, 0.00318 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/06/15 12:0 a.m., 23 views

PT-2026-49562

Name of the Vulnerable Software and Affected Versions: Angular versions prior to 22.0.0-rc.2; Angular versions prior to 21.2.15; Angular versions prior to 20.3.22; Angular versions prior to 19.2.23. Description: A Denial of Service (DoS) issue exists in the @angular/common package. The formatNumber...

8.2 CVSS, 5.8 AI score, 0.00292 EPSS
Exploits: 0, References: 5