Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1143 matches found

NVD
NVDadded 2026/05/26 9:16 p.m.8 views

CVE-2026-44896

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

6.1CVSS0.00032EPSS
Exploits0References1
OSV
OSVadded 2026/05/26 9:16 p.m.4 views

DEBIAN-CVE-2026-44896

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

6.1CVSS5.8AI score0.00032EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 9:16 p.m.6 views

CVE-2026-44836

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS0.00013EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/26 8:33 p.m.6 views

CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

5.3CVSS5.8AI score0.00032EPSS
Exploits0References1
CVE
CVEadded 2026/05/26 7:43 p.m.7 views

CVE-2026-44836

CVE-2026-44836 insight (normal mode) The vulnerability affects the Ruby on Rails component framework view_component (versions 3.0.0 through 4.8.x; fixed in 4.9.0). The preview route derives an example name from the URL and uses public_send to dispatch to that preview without verifying it is an ex...

6.5CVSS5.9AI score0.00013EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/26 7:43 p.m.6 views

EUVD-2026-31972

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS5.9AI score0.00013EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/26 7:43 p.m.26 views

CVE-2026-44836 view_component: Preview Route Can Dispatch Inherited Helper Methods

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS0.00013EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/25 12:0 a.m.10 views

PT-2026-42989

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer name results in cross...

5.1CVSS4.2AI score0.00031EPSS
Exploits0References5
GithubExploit
GithubExploitadded 2026/05/23 6:36 a.m.65 views

Exploit for CVE-2026-6279

CVE-2026-6279 CVE-2026-6279: Avada Fusion Builder = 3.15...

9.8CVSS6.2AI score0.00138EPSS
Exploits2
NVD
NVDadded 2026/05/22 4:16 p.m.3 views

CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS0.00031EPSS
Exploits0References4
OSV
OSVadded 2026/05/22 4:16 p.m.3 views

DEBIAN-CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00031EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/22 4:16 p.m.7 views

CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00031EPSS
Exploits0References6
OSV
OSVadded 2026/05/22 4:16 p.m.4 views

UBUNTU-CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00031EPSS
Exploits0References7
OSV
OSVadded 2026/05/22 4:16 p.m.2 views

UBUNTU-CVE-2026-42506

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00032EPSS
Exploits0References7
UbuntuCve
UbuntuCveadded 2026/05/22 4:16 p.m.5 views

CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00031EPSS
Exploits0References6
OSV
OSVadded 2026/05/22 4:16 p.m.2 views

UBUNTU-CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00031EPSS
Exploits0References7
Debian CVE
Debian CVEadded 2026/05/22 3:1 p.m.4 views

CVE-2026-42506

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00032EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/22 3:1 p.m.6 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

0.00032EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/22 3:1 p.m.5 views

EUVD-2026-31448

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00031EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/22 3:1 p.m.8 views

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

0.00031EPSS
Exploits0References4
Rows per page
Query Builder