Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2026/03/03 6:30 p.m.2 views

GHSA-2WW6-868G-2C56 OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation

Summary The HTML session exporter src/auto-reply/reply/export-html/template.js interpolates img.mimeType directly into attributes without validation or escaping. A crafted mimeType value e.g., x" onerror="alert1 can break out of the attribute context and execute arbitrary JavaScript. Impact An...

4.6CVSS6.1AI score0.00031EPSS
Exploits1References6
GithubExploit
GithubExploitadded 2026/01/30 3:14 a.m.131 views

EspoCRM-Admin-Extension-Upload-RCE-

EspoCRM 9.2.7 Administrator Remote Code Execution Vulnerabilit...

6.1AI score
Exploits0
Snyk
Snykadded 2025/03/18 9:7 p.m.1 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.bowergithub.parallax:jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious...

8.7CVSS6.7AI score0.00466EPSS
Exploits1References2
OSV
OSVadded 2023/06/26 4:15 p.m.0 views

CVE-2023-29459

The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary...

6.1CVSS5.9AI score
Exploits0References2
Veracode
Veracodeadded 2020/07/03 6:23 a.m.10 views

Spoofable Cookies

Microsoft asp.net has caused spoofable cookies. It does not properly encode the data string parsed to cookie name value, allowing an attacker who can perform a secondary exploit such as an XSS vulnerability in the web site to inject the spoofed cookies if the prefixes are used...

4.7AI score
Exploits0
OSV
OSVadded 2018/06/11 9:29 p.m.0 views

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...

6.1CVSS6.6AI score0.00817EPSS
Exploits1References8
CNVD
CNVDadded 2018/03/06 12:0 a.m.1 views

Joyent Node.js moment module denial of service vulnerability

Joyent Node.js is the United States Joyent company's set of web applications built on Google V8 JavaScript engine on top of the platform . moment is one of the JavaScript date processing library . A security vulnerability exists in the Joyent Node.js moment module. The vulnerability can be...

7.5CVSS6.7AI score0.0023EPSS
Exploits0References1
Rows per page
Query Builder