Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

59047 matches found

OSV
OSVadded 2026/01/20 9:16 p.m.4 views

ALPINE-CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS5.9AI score0.00978EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/01/20 9:16 p.m.1 views

CVE-2025-59466

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications that rely on...

7.5CVSS7AI score0.00624EPSS
Exploits0References2
OSV
OSVadded 2026/01/20 9:16 p.m.1 views

UBUNTU-CVE-2025-59466

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications that rely on...

7.5CVSS7.1AI score0.00624EPSS
Exploits0References3
OSV
OSVadded 2026/01/20 9:16 p.m.2 views

UBUNTU-CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS7.3AI score0.00978EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/01/20 8:41 p.m.3 views

CVE-2025-59466

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications that rely on...

7.5CVSS7.3AI score0.00624EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/01/20 6:50 p.m.4 views

CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

6.5CVSS6.5AI score0.00505EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/01/20 6:50 p.m.4 views

CVE-2026-1245 CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

6.5AI score0.00505EPSS
Exploits0References4
CVE
CVEadded 2026/01/20 6:50 p.m.34 views

CVE-2026-1245

CVE-2026-1245 is a code-injection vulnerability in the binary-parser library, affecting versions prior to 2.3.0. The issue arises from unsanitized values used in parser field names or encoding parameters, which are directly interpolated into dynamically generated code (via the Function constructo...

6.5CVSS6.5AI score0.00505EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2026/01/20 5:54 p.m.9 views

GHSA-4GPC-RHPJ-9443 Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)

Summary A stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution RCE. Details The vulnerability exists in the Renderer component responsible...

9.6CVSS5.9AI score0.00123EPSS
Exploits0References4
NVD
NVDadded 2026/01/20 4:16 p.m.8 views

CVE-2025-36408

IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.4CVSS0.00164EPSS
Exploits0References1
CVE
CVEadded 2026/01/20 3:33 p.m.16 views

CVE-2025-36408

CVE-2025-36408 affects IBM ApplinX 11.1. It is a stored cross-site scripting vulnerability, allowing an authenticated user to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. Supported documents consistently identify the affected product/vers...

6.4CVSS5.2AI score0.00164EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2026/01/20 3:17 p.m.3 views

CVE-2025-58093

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.9AI score0.00229EPSS
Exploits1References1
OSV
OSVadded 2026/01/20 3:17 p.m.2 views

CVE-2025-58095

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.9AI score0.0024EPSS
Exploits1References1
OSV
OSVadded 2026/01/20 3:17 p.m.2 views

CVE-2025-58094

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.9AI score0.00229EPSS
Exploits1References1
OSV
OSVadded 2026/01/20 3:17 p.m.5 views

CVE-2025-58090

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.9AI score0.00229EPSS
Exploits1References1
NVD
NVDadded 2026/01/20 3:17 p.m.7 views

CVE-2025-58089

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS0.00229EPSS
Exploits1References1
NVD
NVDadded 2026/01/20 3:17 p.m.5 views

CVE-2025-58091

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS0.00229EPSS
Exploits1References1
NVD
NVDadded 2026/01/20 3:17 p.m.6 views

CVE-2025-58087

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS0.0024EPSS
Exploits1References1
NVD
NVDadded 2026/01/20 3:17 p.m.4 views

CVE-2025-58088

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS0.00229EPSS
Exploits1References1
NVD
NVDadded 2026/01/20 3:17 p.m.8 views

CVE-2025-58090

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS0.00229EPSS
Exploits1References1
Rows per page
Query Builder