Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20111 matches found

Github Security Blog
Github Security Blogadded 2026/05/14 8:27 p.m.6 views

Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global...

8.1CVSS5.8AI score0.00011EPSS
Exploits1References4Affected Software1
NVD
NVDadded 2026/05/14 8:17 p.m.6 views

CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS0.00013EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/05/14 8:17 p.m.4 views

CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.00013EPSS
Exploits1References2
OSV
OSVadded 2026/05/14 8:17 p.m.5 views

UBUNTU-CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.00013EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/05/14 8:2 p.m.26 views

CVE-2026-44637 libsixel: integer overflow in parser

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS0.00013EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/14 8:2 p.m.6 views

EUVD-2026-30412

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.00013EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/14 8:2 p.m.6 views

CVE-2026-44637 libsixel: integer overflow in parser

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.00013EPSS
Exploits1References1
CVE
CVEadded 2026/05/14 8:2 p.m.9 views

CVE-2026-44637

CVE-2026-44637 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in the parser’s image-buffer doubling loop (sixel_decode_raw_impl) occurs as context->pos_x is incremented by repeat_count with no upper bound check. When pos_x nears INT_MAX, pos_x + repeat_count overflows sign...

7.1CVSS6AI score0.00013EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/05/14 7:58 p.m.7 views

CVE-2026-42445

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

5.5CVSS5.8AI score0.00014EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/14 5:38 p.m.3 views

CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

4CVSS5.8AI score0.00014EPSS
Exploits0References2
NVD
NVDadded 2026/05/14 5:16 p.m.9 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS0.00021EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/05/14 5:16 p.m.3 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00021EPSS
Exploits0References5
OSV
OSVadded 2026/05/14 5:16 p.m.1 views

UBUNTU-CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00021EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/14 4:15 p.m.33 views

CVE-2026-44312 css_parser allows to MITM included https css urls

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS0.00021EPSS
Exploits0References4
Debian CVE
Debian CVEadded 2026/05/14 4:15 p.m.7 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00021EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/05/14 4:15 p.m.5 views

CVE-2026-44312 css_parser allows to MITM included https css urls

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00021EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/14 4:15 p.m.7 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00021EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/05/14 4:15 p.m.8 views

EUVD-2026-30330

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00021EPSS
Exploits0References4
OSV
OSVadded 2026/05/14 4:9 p.m.2 views

OPENSUSE-SU-2026:20730-1 Security update for apptainer

This update for apptainer fixes the following issues: Changes in apptainer: - Fix CVE-2026-34986 bsc1262956 github.com/go-jose/go-jose/[email protected] CVE-2026-33186 GO-2026-4762 bsc1260311 google.golang.org/[email protected] CVE-2026-24137 GO-2026-4358 bsc1264177 github.com/sigstore/[email protected] Fix...

9.9CVSS7.2AI score0.64852EPSS
Exploits8References35
OSV
OSVadded 2026/05/14 3:28 p.m.2 views

OPENSUSE-SU-2026:20753-1 Security update for agama

This update for agama fixes the following issue - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257930. Changes for agama: - Update "time" crate to version 0.3.47...

6.8CVSS5.8AI score0.00016EPSS
Exploits0References2
Rows per page
Query Builder