Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

EUVD
EUVDadded 3 days ago5 views

EUVD-2026-38376

n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with...

9.1CVSS5.9AI score0.0025EPSS
Exploits0References2
Snyk
Snykadded 2026/05/29 2:7 p.m.3 views

Cross-site Scripting (XSS)

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the saveNode endpoint due to insufficient sanitization of the node.body parameter, allowing event handler attributes without whitespace to bypass the HTML...

8.7CVSS5.4AI score0.00228EPSS
Exploits0References2
NVD
NVDadded 2026/05/29 1:16 p.m.14 views

CVE-2026-48527

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

8.7CVSS0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 12:26 p.m.8 views

CVE-2026-48527

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

8.7CVSS5.6AI score0.00228EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichmentadded 2026/05/29 12:26 p.m.11 views

CVE-2026-48527 HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

8.7CVSS5.6AI score0.00228EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/29 12:26 p.m.14 views

EUVD-2026-33286

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

8.7CVSS5.6AI score0.00228EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2025/11/19 7:43 p.m.7 views

Astro Development Server has Arbitrary Local File Read

Summary A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to t...

3.5CVSS6.9AI score0.00424EPSS
Exploits1References4Affected Software1
Veracode
Veracodeadded 2025/03/20 7:11 a.m.3 views

Arbitrary Command Injection

k8s.io/kubernetes is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper endpoint access control due to the ability of a user to execute arbitrary commands on the host by querying a node's /logs endpoint...

5.9CVSS6.6AI score0.01394EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder