
8 matches found

CNNVD
added 2026/05/19 12:0 a.m., 8 views

CtrlPanel-gg security vulnerability

CtrlPanel-gg is an open-source, easy-to-use, and free billing solution developed by CtrlPanel-gg. Versions of CtrlPanel-gg 1.1.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the datatable method in the administrator role management interface, which directly insert...

CVSS 4.8 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/03 4:59 p.m., 4 views

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example ""@evil.com. PHP's FILTER_VALIDATE_EMAIL accepts this email...

CVSS 6.4 | AI score 5.8 | EPSS 0.00229
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/10 12:0 a.m., 3 views

PT-2026-24477

Name of the Vulnerable Software and Affected Versions: Sylius versions 1.9.12 through 2.2.3. Description: Sylius, an Open Source eCommerce Framework on Symfony, contains an authenticated stored cross-site scripting (XSS) issue in multiple areas of the shop frontend and admin panel. This is due to...

CVSS 4.8 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 7
OSV
added 2026/01/28 4:10 p.m., 0 views

GHSA-9R54-Q6CX-XMH5 Hono vulnerable to XSS through ErrorBoundary component

Summary: A Cross-Site Scripting (XSS) vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as raw HTML, allowing arbitrary script execution in the victim's browser. Details: The issue is in the...

CVSS 4.7 | AI score 6.3 | EPSS 0.00069
Exploits: 0 | References: 4
CVE
added 2026/01/21 8:54 p.m., 12 views

CVE-2026-22792

5ire desktop AI assistant (cross-platform) prior to version 0.15.3 is affected by an unsafe HTML rendering vulnerability in the renderer context that allows untrusted HTML (including on* event attributes) to execute JavaScript. An attacker can inject an payload to call exposed bridge APIs (e.g.,...

CVSS 9.6 | AI score 6 | EPSS 0.00623
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2025/12/15 12:0 a.m., 1 views

Elastic Kibana security vulnerability

Elastic Kibana is data visualization dashboard software from Elastic, Inc. A security vulnerability exists in Elastic Kibana that stems from improper input neutralization during web page generation, which could result in an authenticated user rendering HTML tags in the user's browser...

CVSS 5.4 | AI score 6.4 | EPSS 0.00024
Exploits: 0 | References: 2
OSV
added 2025/11/27 11:15 a.m., 2 views

CVE-2025-13742

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/19 4:58 p.m., 2 views

CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

CVSS 5.1 | AI score 6.3 | EPSS 0.00016
Exploits: 1 | References: 3