
8 matches found

Cvelist
added 2026/05/14 4:20 p.m., 34 views

CVE-2026-44514 Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposed WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

CVSS: 6.5 | EPSS: 0.00006
Exploits: 0 | References: 1
EUVD
added 2026/04/03 3:31 a.m., 3 views

EUVD-2026-18568

Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00037
Exploits: 0 | References: 3
CNNVD
added 2026/04/03 12:0 a.m., 6 views

shynet cross-site scripting vulnerability

Shynet is a self-hosted website analysis tool developed by R. Miles McCain. Versions of Shynet prior to 0.14.0 contained a cross-site scripting vulnerability, which originated from the urldisplay and iconify template filters having cross-site scripts...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00037
Exploits: 0 | References: 2
EUVD
added 2026/01/21 9:13 p.m., 3 views

EUVD-2026-3678

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face auto_map dynamic modules during model resolution without gating on trust_remote_code, allowing attacker-controlled Python code in a model repo/path ...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00029
Exploits: 1 | References: 5
Cvelist
added 2026/01/14 4:52 p.m., 21 views

CVE-2026-22787 html2pdf.js has a cross-site scripting vulnerability

html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...

CVSS: 8.7 | EPSS: 0.00058
Exploits: 1 | References: 5
CVE
added 2024/11/19 3:32 p.m., 45 views

CVE-2024-52582

Cachi2 (open source CLI) is affected up to version 0.13.x; when an unhandled exception occurs, the tool logs function locals, potentially exposing secrets in CI/build logs. Version 0.14.0 includes a patch to fix this. No other exploit details are provided in the documents. Remediation: upgrade to...

CVSS: 4.7 | AI score: 4.7 | EPSS: 0.00103
Exploits: 0 | References: 3
OSV
added 2023/10/10 2:15 p.m., 3 views

AZL-34686 CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.94394
Exploits: 19 | References: 1
OSV
added 2021/09/23 8:15 p.m., 2 views

DEBIAN-CVE-2021-41088

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0, Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.00245
Exploits: 0 | References: 1