
47684 matches found

ATTACKERKB
• added 2026/02/20 8:57 p.m. • 5 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | AI score 6 | EPSS 0.00445
Exploits 1 | References 5 | Affected Software 1
Debian CVE
• added 2026/02/20 8:57 p.m. • 5 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | AI score 7.3 | EPSS 0.00445
Exploits 1
Cvelist
• added 2026/02/20 8:57 p.m. • 24 views

CVE-2026-25896 fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | EPSS 0.00445
Exploits 1 | References 4
OSV
• added 2026/02/20 8:57 p.m. • 4 views

CVE-2026-25896 fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | AI score 5.7 | EPSS 0.00445
Exploits 1 | References 6
CVE
• added 2026/02/20 8:57 p.m. • 73 views

CVE-2026-25896

CVE-2026-25896 affects the Node.js XML parser fast-xml-parser. From 4.1.3 up to (but not including) 5.3.5, a dot in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing shadowing of built-in entities and bypassing encoding, which can lead to XSS when parsed out...

CVSS 9.3 | AI score 5.7 | EPSS 0.00445
Exploits 1 | References 11 | Affected Software 1
RedhatCVE
• added 2026/02/20 7:39 p.m. • 5 views

CVE-2026-26192

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...

CVSS 7.3 | AI score 5.6 | EPSS 0.00194
Exploits 1 | References 1
ATTACKERKB
• added 2026/02/20 6:35 p.m. • 5 views

CVE-2018-13276

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 5.5
Exploits 0 | References 1
ATTACKERKB
• added 2026/02/20 6:35 p.m. • 7 views

CVE-2018-13272

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 5.5
Exploits 0 | References 1
OSV
• added 2026/02/20 6:31 p.m. • 8 views

GHSA-9JMQ-XGJM-P8C2 Sync-in Server has a stored cross-site scripting (XSS) vulnerability

A Stored Cross-Site Scripting XSS vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...

CVSS 5.1 | AI score 5.9 | EPSS 0.00267
Exploits 1 | References 5
Github Security Blog
• added 2026/02/20 6:23 p.m. • 34 views

fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names

Entity encoding bypass via regex injection in DOCTYPE entity names. Summary: A dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to...

CVSS 9.3 | AI score 7.1 | EPSS 0.00445
Exploits 1 | References 6 | Affected Software 1
Cvelist
• added 2026/02/20 5:7 p.m. • 25 views

CVE-2026-27115 ADB Explorer is Vulnerable to Arbitrary Directory Deletion via Command-Line Argument

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data...

CVSS 7.1 | EPSS 0.00223
Exploits 1 | References 3
NVD
• added 2026/02/20 4:22 p.m. • 13 views

CVE-2025-67438

A Stored Cross-Site Scripting XSS vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...

CVSS 6.1 | EPSS 0.00267
Exploits 1 | References 2
OSV
• added 2026/02/20 4:22 p.m. • 5 views

CVE-2025-67438

A Stored Cross-Site Scripting XSS vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...

CVSS 6.1 | AI score 6
Exploits 0 | References 2
Information Security Automation
• added 2026/02/20 4:20 p.m. • 20 views

February Linux Patch Wednesday

February Linux Patch Wednesday. In February, Linux vendors addressed 632 vulnerabilities - 1.5× fewer than in January, including 305 in the Linux Kernel. Two vulnerabilities show signs of in-the-wild exploitation: 🔻 RCE - Chromium CVE-2026-2441 🔻 InfDisc - MongoDB "MongoBleed" CVE-2025-14847 Publi...

CVSS 10 | AI score 5.5 | EPSS 0.83007
Exploits 72
Vulnrichment
• added 2026/02/20 3:46 p.m. • 1 view

CVE-2025-53217 WordPress AIO WP Builder Plugin <= 2.0.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AIO WP Builder: from n/a through <= 2.0.2...

CVSS 7.6 | AI score 5.3 | EPSS 0.00204
Exploits 0 | References 1
Cvelist
• added 2026/02/20 3:46 p.m. • 25 views

CVE-2025-53217 WordPress AIO WP Builder Plugin <= 2.0.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AIO WP Builder: from n/a through <= 2.0.2...

CVSS 7.6 | EPSS 0.00204
Exploits 0 | References 1
CVE
• added 2026/02/20 3:46 p.m. • 12 views

CVE-2025-53217

The CVE-2025-53217 entry concerns the WordPress plugin AIO WP Builder (staviravn all-in-one-wp-builder) with versions up to and including 2.0.2, where a Missing Authorization vulnerability allows exploitation of incorrectly configured access control. The root cause is broken access control in the...

CVSS 7.6 | AI score 5.5 | EPSS 0.00204
Exploits 0 | References 1
Akamai Blog
• added 2026/02/20 3:0 p.m. • 9 views

Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513

Read how PatchDiff-AI uncovered the root cause of CVE-2026-21513 — an actively exploited MSHTML vulnerability — and how APT28 leveraged it in real-world attacks...

CVSS 8.8 | AI score 5.5 | EPSS 0.15384
Exploits 0
OSV
• added 2026/02/20 2:4 p.m. • 4 views

MINI-32FX-4RQJ-FG3X

Bulletin has no description...

CVSS 8 | AI score 5.1 | EPSS 0.00505
Exploits 0
OSV
• added 2026/02/20 2:4 p.m. • 2 views

MINI-RCV9-RG56-6CHH

Bulletin has no description...

CVSS 4.3 | AI score 5.1 | EPSS 0.00333
Exploits 0