Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

251682 matches found

Tenable Nessus
Tenable Nessusadded 2026/05/13 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-44301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node- based asset pipelines PostCSS, Babel, TailwindCSS, Hugo...

8.6CVSS5.5AI score0.00044EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/12 11:0 p.m.5 views

CVE-2026-42156 Flowsint: Cypher query injection in node type on node creation

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS6AI score0.00183EPSS
Exploits0References1
CVE
CVEadded 2026/05/12 11:0 p.m.11 views

CVE-2026-42156

Summary : CVE-2026-42156 affects Flowsint, an open-source OSINT graph exploration tool. Before version 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query, enabling execution of arbitrary Cypher queries. The issue is fixed in 1.2.3. Impact and...

7.1CVSS6AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/12 11:0 p.m.32 views

CVE-2026-42156 Flowsint: Cypher query injection in node type on node creation

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/12 11:0 p.m.3 views

CVE-2026-42156

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

7.1CVSS6AI score0.00183EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/05/12 10:58 p.m.28 views

CVE-2026-42157 Flowsint: Stored XSS on map node marker in map page

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is...

5.1CVSS0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/12 10:58 p.m.4 views

CVE-2026-42157

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is...

5.1CVSS6AI score0.00183EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/12 10:58 p.m.4 views

CVE-2026-42157 Flowsint: Stored XSS on map node marker in map page

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is...

5.1CVSS6AI score0.00183EPSS
Exploits0References1
CVE
CVEadded 2026/05/12 10:58 p.m.7 views

CVE-2026-42157

CVE-2026-42157 concerns Flowsint, an open-source OSINT graph exploration tool. Affected behavior: prior to version 1.2.3, an attacker could create a map node with a malicious HTML label; when the map tab is active and a node marker is selected, the HTML could render and trigger stored XSS. Impact...

5.1CVSS6AI score0.00183EPSS
Exploits0References1
OSV
OSVadded 2026/05/12 10:16 p.m.3 views

DEBIAN-CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.1CVSS5.8AI score0.00044EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 10:16 p.m.7 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS0.00044EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 10:16 p.m.5 views

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

9.9CVSS0.00012EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/05/12 10:16 p.m.8 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00044EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2026/05/12 9:37 p.m.6 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00044EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/05/12 9:37 p.m.4 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00044EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinuxadded 2026/05/12 9:37 p.m.6 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00044EPSS
Exploits0References1
CVE
CVEadded 2026/05/12 9:37 p.m.11 views

CVE-2026-44301

Hugo (static site generator) versions 0.43 through 0.160.x are vulnerable when building a site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS). The vulnerability arises because Hugo invoked the configured Node tools without restrictions on file system access, potentially allowi...

8.6CVSS5.8AI score0.00044EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/12 9:37 p.m.32 views

CVE-2026-44301 Hugo: Node tool execution allows file system access outside the project directory

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS0.00044EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/12 9:37 p.m.5 views

CVE-2026-44301 Hugo: Node tool execution allows file system access outside the project directory

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00044EPSS
Exploits0References1
Snyk
Snykadded 2026/05/12 9:0 p.m.17 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution in the Xml class, which implements an XML node. A user with permission to create or modify workflows can achieve remote code execution on the host system. Note: This is a bypass ...

9.9CVSS6.5AI score0.00223EPSS
Exploits0References2
Rows per page
Query Builder