Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

58988 matches found

CVE
CVEadded 2026/03/11 10:4 p.m.24 views

CVE-2026-3926

CVE-2026-3926 refers to an out-of-bounds read in V8 used by Google Chrome, exploitable via a crafted HTML page. Affected: Chrome/Chromium prior to 146.0.7680.71. Impact described as remote memory access with potential for arbitrary behavior; CVSS indicates high impact to confidentiality, integrit...

8.8CVSS5.8AI score0.00226EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/11 10:4 p.m.2 views

CVE-2026-3926

Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00226EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVEadded 2026/03/11 10:4 p.m.3 views

CVE-2026-3926

Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.3AI score0.00226EPSS
Exploits0
EUVD
EUVDadded 2026/03/11 9:31 p.m.5 views

EUVD-2026-11403

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

6.5CVSS5.5AI score0.00228EPSS
Exploits0References6
CVE
CVEadded 2026/03/11 9:28 p.m.9 views

CVE-2026-32117

The CVE concerns the grafanacubism-panel Grafana plugin. In versions

7.6CVSS5.8AI score0.00265EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/11 9:28 p.m.1 views

CVE-2026-32117

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS5.8AI score0.00265EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/11 9:28 p.m.2 views

CVE-2026-32117 grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer)

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS5.8AI score0.00265EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/11 9:28 p.m.4 views

EUVD-2026-11407

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS5.8AI score0.00265EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/11 9:28 p.m.28 views

CVE-2026-32117 grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer)

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS0.00265EPSS
Exploits0References2
OSV
OSVadded 2026/03/11 9:28 p.m.4 views

CVE-2026-32117 grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer)

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS5.8AI score0.00265EPSS
Exploits0References4
OSV
OSVadded 2026/03/11 9:16 p.m.5 views

CVE-2026-3955

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

6.3CVSS5.4AI score
Exploits0References5
NVD
NVDadded 2026/03/11 9:16 p.m.4 views

CVE-2026-32112

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute...

6.8CVSS0.00181EPSS
Exploits0References1
OSV
OSVadded 2026/03/11 9:16 p.m.5 views

PYSEC-2026-32

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

4.4CVSS6AI score0.00162EPSS
Exploits0References1
NVD
NVDadded 2026/03/11 9:16 p.m.8 views

CVE-2026-32109

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

4.4CVSS0.00162EPSS
Exploits0References1
CVE
CVEadded 2026/03/11 8:53 p.m.15 views

CVE-2026-32127

CVE-2026-32127 affects OpenEMR before version 8.0.0.1, via a SQL injection in the ajax graphs library caused by insufficient input validation. The vulnerability can be exploited by authenticated attackers and may impact confidentiality, integrity, and availability. The advisory states the issue i...

8.8CVSS5.8AI score0.00327EPSS
Exploits2References1Affected Software1
CVE
CVEadded 2026/03/11 8:47 p.m.12 views

CVE-2026-32121

CVE-2026-32121 affects OpenEMR prior to 8.0.0.1 with stored DOM XSS in two areas stemming from unsanitized patient names in patient_data. One path is server-side rendering of patient demographics via raw PHP echo (Stored XSS in prescription CSS/HTML print view). The other is client-side DOM rende...

7.7CVSS5.8AI score0.00191EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/11 8:16 p.m.5 views

CVE-2026-32109

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/03/11 8:16 p.m.29 views

CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/11 8:16 p.m.4 views

CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References1
CVE
CVEadded 2026/03/11 8:16 p.m.12 views

CVE-2026-32109

Copyparty (portable file server) contains a vulnerability where an attacker with both read and write permissions can upload a file named .prologue.html and craft a link to potentially execute arbitrary JavaScript in a victim’s context. The attack requires the target to click the crafted link; nor...

4.4CVSS5.9AI score0.00162EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder