CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...
CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items
Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001571 advisory. In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value...
CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and...
SUSE CVE-2021-37159
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free...
PT-2021-4121 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.4. Description: The issue is related to the xdr_set_page_base function in the net/sunrpc/xdr.c file of the Linux kernel. It allows remote attackers to cause a denial of service by performing many NFS 4.2 REA...