8 matches found
CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed by a crafted CSS var() value in an e-mail message. This may lead to information disclosure or an access-control bypass. Affected software: Roundcu...
GHSA-97V6-998M-FP4G ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context
Summary: The @apostrophecms/color-field module bypasses color validation for values prefixed with -- intended for CSS custom properties, but performs no HTML sanitization on these values. When styles containing attacker-controlled color values are rendered into <style> tags — both in the global stylesheet...
EUVD-2025-34783
A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts->rejected_promise_list). The function js_std_promise_rejection_check attempts to iterate over the rejected_promise_list to report unhandled rejections usi...
Malicious code in custom-property-analyzer (npm)
The package custom-property-analyzer was found to contain malicious code...
MAL-2025-17835 Malicious code in custom-property-analyzer (npm)
The package custom-property-analyzer was found to contain malicious code...
Stored Cross Site Scripting (XSS) via "properties" during creating new users
Description: From demo url login, click people icon at the left bar, click "Customers", click "New Customer" button from page, fill up the "Edit" tab, click "Save" button above, click "Properties" tab. From "Add a custom Property" field, add "Test" on the first field. Click and select "text" on the secon...
Microsoft Edge CSS Custom Property Type Confusion Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Unauthorized access via Java Web Start
It's possible to pass <property name="NAME" value="VALUE"/> with names different from jnlp. and javaws., which allows leaving the sandbox...