
7 matches found

RedhatCVE
added 2026/05/15 7:57 p.m., 5 views

CVE-2026-44670

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV) / database names without any HTML escape, then a render template uses raw strings.ReplaceAll(tpl, "$avName", nodeAvName) to embed the name in HTML before pushing to all clients via...

CVSS 9.4 | AI score 5.9 | EPSS 0.00033
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/11 1:33 a.m., 3 views

CVE-2026-25931

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true (package.json) and is read from workspace...

CVSS 7.8 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:41 a.m., 5 views

CVE-2019-4001

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code...

CVSS 7.8 | AI score 7.4 | EPSS 0.00133
Exploits: 1 | References: 1

CNNVD
added 2022/07/12 12:0 a.m., 2 views

Druva Injection Vulnerability

Druva is a large-scale SaaS platform from US-based Druva, Inc. bringing the simplicity, scalability and security of the public cloud to enterprise data protection and management. A security vulnerability exists in Druva version 6.9.0 that stems from a URL injection vulnerability in the inSync...

CVSS 7.8 | AI score 7.8 | EPSS 0.0022
Exploits: 1 | References: 4

Snyk
added 2020/06/05 2:52 p.m., 1 views

Arbitrary Code Execution

Overview: mosc is a simple inline object model builder for NodeJS (a small port exists for client-side JavaScript). Affected versions of this package are vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code executio...

CVSS 8.6 | AI score 7.1 | EPSS 0.00959
Exploits: 1 | References: 2

CVE
added 2020/03/24 9:4 p.m., 45 views

CVE-2019-4001

CVE-2019-4001 affects Druva inSync Client 6.5.0. The issue is an improper input validation vulnerability that allows a local, authenticated attacker to execute arbitrary NodeJS code. Root cause and detailed exploit steps are not provided in the connected documents. The CVSS metrics indicate a loc...

CVSS 7.8 | AI score 7.7 | EPSS 0.00133
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2019/06/05 9:48 a.m., 9 views

GHSA-886V-MM6P-4M66 High severity vulnerability that affects gun

Urgent Upgrade: The static file server module included with GUN had a serious vulnerability: using curl --path-as-is allowed reads on any parent directory or files. This did not work via the browser or via curl without as-is option. Fixed: This has been fixed since version 0.2019.416 and higher...

AI score 7
Exploits: 0 | References: 3