CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

UbuntuCve•added 3 days ago•3 views

CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

SUSE CVE•added 5 days ago•6 views

Exploits0References8

SUSE CVE-2026-41150

OSV•added 6 days ago•3 views

Exploits0References3

DEBIAN-CVE-2026-41150

EUVD•added 6 days ago•4 views

Exploits0References1

EUVD-2026-33325

Friends Of PHP•added 6 days ago•9 views

symfony/ux-live-component Format-less date LiveProps parsed with the permissive DateTime constructor

More info at https://github.com/symfony/ux/security/advisories/GHSA-89g7-22c8-3j23...

5.8AI score

Exploits0Affected Software1

Circl•added last week•5 views

CVE-2026-2128

creationtimestamp| type| source ---|---|--- 2026-05-28 20:16:19+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-2128 2026-05-29 09:54:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmybdofzag2e...

5.3CVSS5.8AI score0.00045EPSS

Circl•added 2026/05/20 8:17 p.m.•4 views

CVE-2026-9126

creationtimestamp| type| source ---|---|--- 2026-05-20 20:17:06+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116608743862604761 2026-05-20 22:40:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmcxxhekzf2k 2026-05-21 17:07:07+00:00| seen|...

8.8CVSS5.7AI score0.0003EPSS

Circl•added 2026/05/20 4:51 a.m.•4 views

CVE-2026-24214

creationtimestamp| type| source ---|---|--- 2026-05-20 04:51:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmb4aw6ccr2c 2026-05-20 19:37:20+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmcnputmzy2v...

9.8CVSS5.8AI score0.00035EPSS

Vulnrichment•added 2026/05/15 6:36 p.m.•3 views

CVE-2021-47967 PHP Timeclock 1.04 Multiple Cross-Site Scripting via Parameters

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

6.1CVSS5.9AI score0.00095EPSS

Exploits0References4

Positive Technologies•added 2026/05/13 12:0 a.m.•6 views

PT-2026-40839

Name of the Vulnerable Software and Affected Versions Date iCal versions 0.0.0 through 4.0.14 Description A missing authorization issue in the Date iCal module, which exports entity date fields as iCal feeds, allows forceful browsing. The module fails to sufficiently check entity or field access...

9.8CVSS5.8AI score0.00054EPSS

Exploits0References6

Spring Engineering•added 2026/05/12 12:0 a.m.•7 views

This Week in Spring - May 12th, 2026

Hi, Spring fans! As I write this I am in Miami, FL at the CodeRemix.ai show, focused on the wide and wonderful world of OpenRewrite and Moderne. I've got a talk to give so let's dive right into it! a quick note about the upcoming release train dates in last week's installment of A Bootiful Podcas...

5.8AI score

Exploits0

Snyk•added 2026/05/11 7:36 p.m.•5 views

Infinite loop

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Infinite loop in the rendering process of Gantt charts when the excludes attribute is set to exclude all dates. An...

OSV•added 2026/05/11 7:36 p.m.•4 views

GHSA-6M6C-36F7-FHXH Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. Example: gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d mermaid.parse is unaffected,...

5.3CVSS5.7AI score0.00042EPSS

Exploits0References6

EUVD•added 2026/05/10 3:31 p.m.•6 views

EUVD-2022-55986

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS5.7AI score0.00042EPSS

EUVD•added 2026/05/10 3:31 p.m.•4 views

EUVD-2022-55983

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS5.7AI score0.00042EPSS

Cvelist•added 2026/05/10 12:12 p.m.•26 views

CVE-2022-50965 uBidAuction 2.0.1 posts manage Reflected XSS

6.1CVSS0.00042EPSS

Exploits0References4

Cvelist•added 2026/05/10 12:12 p.m.•27 views

CVE-2022-50964 uBidAuction 2.0.1 myAuctions loose Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS0.00042EPSS

Exploits0References4

Snyk•added 2026/05/05 2:34 p.m.•3 views

Malicious Package

Overview eslint-plugin-skyscanner-dates is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS5.8AI score