8 matches found

Github Security Blog
added 2026/03/27 6:31 a.m. · 3 views

Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before...

CVSS 7.5 · AI score 5.9 · EPSS 0.00064
Exploits 0 · References 6 · Affected Software 1
NVD
added 2026/03/25 4:16 p.m. · 2 views

CVE-2026-2348

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS). This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...

CVSS 5.4 · EPSS 0.00041
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:58 a.m. · 1 views

CVE-2023-1141

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution...

CVSS 8.8 · AI score 8.2 · EPSS 0.01624
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:33 a.m. · 2 views

CVE-2023-1137

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation...

CVSS 8.8 · AI score 6.8 · EPSS 0.00176
Exploits 0 · References 1
Positive Technologies
added 2025/01/27 12:0 a.m. · 3 views

PT-2025-4923 · Unknown · Blokhaus Minterpress

Name of the Vulnerable Software and Affected Versions: Blokhaus Minterpress versions n/a through 1.0.5. Description: The issue is related to a lack of authorization in Blokhaus Minterpress, allowing access to functions that are not properly constrained by access control lists (ACLs). Recommendations...

CVSS 6.5 · AI score 9.4 · EPSS 0.00236
Exploits 0 · References 3
CNNVD
added 2023/08/18 12:0 a.m. · 0 views

social-media-skeleton cross-site request forgery vulnerability

social-media-skeleton is an unfinished social media project implemented in php, css, javascript and html by the individual developer fobybus. A cross-site request forgery vulnerability exists in social-media-skeleton versions prior to 1.0.5, which stems from the presence of a cross-site request...

CVSS 8.8 · AI score 7.7 · EPSS 0.00069
Exploits 0 · References 3
CNVD
added 2018/02/24 12:0 a.m. · 2 views

FreeXL heap buffer out-of-bounds read vulnerability (CNVD-2018-05153)

FreeXL is an open source library for extracting valid data from Excel .xls spreadsheets developed by software developer Alessandro Furieri. A heap buffer out-of-bounds read vulnerability exists in the 'parseSST' function in versions of FreeXL prior to 1.0.5. An attacker can exploit this...

CVSS 8.8 · AI score 6.8 · EPSS 0.00665
Exploits 1 · References 1
OSV
added 2015/02/03 4:59 p.m. · 1 views

DEBIAN-CVE-2015-1433

program/lib/Roundcube/rcubewashtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email...

CVSS 4.3 · AI score 7.9 · EPSS 0.00679
Exploits 2 · References 1