9 matches found

Veracode
added 2026/03/28 5:23 a.m. | 2 views

Cross-Site Scripting

Home Assistant is vulnerable to Cross Site Scripting. The vulnerability is due to the lack of output escaping or sanitization in the History-graph card, where an attacker can inject arbitrary tags that execute JavaScript by changing the name of a sensor to a malicious value...

8.8 CVSS | 5.9 AI score | 0.00012 EPSS
Exploits: 1 | References: 2 | Affected Software: 2
Debian CVE
added 2026/02/10 6:59 p.m. | 6 views

CVE-2026-2302

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

6.9 CVSS | 5.4 AI score | 0.00043 EPSS
Exploits: 0
RedhatCVE
added 2025/08/30 6:20 p.m. | 0 views

CVE-2024-45753

In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute...

6.1 CVSS | 6.4 AI score | 0.00046 EPSS
Exploits: 0 | References: 1
NVD
added 2024/09/05 4:15 a.m. | 12 views

CVE-2024-45287

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data...

9.1 CVSS | 0.00389 EPSS
Exploits: 0 | References: 2
CVE
added 2024/09/05 3:18 a.m. | 64 views

CVE-2024-45287

The CVE-2024-45287 issue is a FreeBSD libnv (nvlist) vulnerability caused by a malicious size value in a packed structure that can trigger an integer overflow, leading to a buffer that is too small for parsed data. Affects both kernel and userland; could allow memory overwrite and privilege escal...

9.1 CVSS | 7.6 AI score | 0.00389 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2021/05/27 5:47 a.m. | 35 views

Regular Expression Denial Of Service (ReDoS)

ws is vulnerable to regular expression denial of service. An attacker is able to cause excessive CPU consumption that can lead to an application crash by submitting a malicious value of Sec-Websocket-Protocol...

5.3 CVSS | 4.2 AI score | 0.01154 EPSS
Exploits: 1 | References: 5 | Affected Software: 2
Veracode
added 2020/02/18 1:17 a.m. | 11 views

HTML Injection

marky-markdown is vulnerable to HTML Injection. The vulnerability exists because it improperly validates the style attribute in the img tag, allowing an attacker to pass a malicious value...

2.7 AI score
Exploits: 0
RubySec
added 2020/01/23 12:0 a.m. | 22 views

secure_headers header injection due to newline

If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected, leading to limited header injection. Upon seeing a newline in the header, Rails will silently create a new Content-Security-Policy header with the remaining value of the original...

5.8 CVSS | 6.9 AI score | 0.00347 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Check Point Advisories
added 2016/10/30 12:0 a.m. | 11 views

IBM WebSphere WASPostParam cookie Untrusted Java Deserialization (CVE-2016-5983)

A remote code execution vulnerability has been reported in IBM WebSphere. The vulnerability is due to an untrusted deserialization of data when the WASPostParam cookie is present in the request. A remote, authenticated attacker can exploit this vulnerability by sending a request containing a...

6.5 CVSS | 4.1 AI score | 0.13762 EPSS
Exploits: 0