9 matches found
BIT-LIBPYTHON-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...
CVE-2026-33170
A flaw was found in Active Support, a toolkit of support libraries for the Rails framework. When a SafeBuffer is modified in place and subsequently formatted with untrusted input, the @html_unsafe flag is not correctly propagated. This improper handling causes the buffer to incorrectly report as...
CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer#% does not propagate the @html_unsafe flag to the newly created buffer. If a SafeBuffer is mutated in place, e.g. via gsub!, and th...
GHSA-89VF-4333-QX8V Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Impact: SafeBuffer#% does not propagate the @html_unsafe flag to the newly created buffer. If a SafeBuffer is mutated in place, e.g. via gsub!, and then formatted with % using untrusted arguments, the result incorrectly reports html_safe? == true, bypassing ERB auto-escaping and possibly leading to XSS...
EUVD-2026-3309
OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...
EUVD-2006-3499
Malware in sbrugna...
EUVD-2020-23150
Malware in sbrugna...
openSUSE Security Update : fossil (openSUSE-2020-1478)
This update for fossil fixes the following issues: - fossil 2.12.1: - CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code (boo#1175760) - Security fix in the 'fossil git export' command. New 'safety-net' features were added to...
UBUNTU-CVE-2020-15169
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default "not found" value of the t and translate helpers could be susceptible to XSS attacks. When an...