Lucene search

6660 matches found

Redos
added 2026/01/26 12:0 a.m., 4 views

ROS-20260126-73-0050

A vulnerability in the drm/amd/pm component of the Linux kernel is caused by a missing division-by-zero check. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information and cause denial of service...

CVSS 5.5, AI score 7.2, EPSS 0.00165
Exploits 0
OSV
added 2026/01/24 9:6 a.m., 8 views

RLSA-2026:0793 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/xe: Make dma-fences compliant with the safe access rules (CVE-2025-38703); kernel: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength (CVE-2025-39933); kernel:...

CVSS 7.8, AI score 5.5, EPSS 0.00335
Exploits 0, References 6
Rockylinux
added 2026/01/24 9:2 a.m., 9 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...

CVSS 7.8, AI score 7.6, EPSS 0.00183
Exploits 0
RedhatCVE
added 2026/01/24 3:17 a.m., 9 views

CVE-2025-70458

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...

CVSS 5.4, AI score 5.5, EPSS 0.00195
Exploits 1, References 1
RedhatCVE
added 2026/01/22 11:24 p.m., 6 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3, AI score 5.8, EPSS 0.00243
Exploits 1, References 1
NVD
added 2026/01/21 11:15 p.m., 5 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3, EPSS 0.00243
Exploits 1, References 3
Cvelist
added 2026/01/21 10:51 p.m., 17 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3, EPSS 0.00243
Exploits 1, References 3
Vulnrichment
added 2026/01/21 10:51 p.m., 4 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3, AI score 5.8, EPSS 0.00243
Exploits 1, References 3
CVE
added 2026/01/21 10:51 p.m., 10 views

CVE-2026-23630

CVE-2026-23630 affects Docmost: versions 0.3.0–0.23.2 are vulnerable to stored XSS in Mermaid diagram rendering. Attacker-controlled Mermaid diagrams rendered via mermaid.render() are injected into the DOM with dangerouslySetInnerHTML, and per-diagram %%{init}%% directives can override securityLe...

CVSS 6.3, AI score 5.8, EPSS 0.00243
Exploits 1, References 3, Affected Software 1
ATTACKERKB
added 2026/01/21 10:51 p.m., 3 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3, AI score 5.8, EPSS 0.00243
Exploits 1, References 4, Affected Software 1
OSV
added 2026/01/21 10:51 p.m., 6 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3, AI score 5.9, EPSS 0.00243
Exploits 1, References 5
Snyk
added 2026/01/21 10:46 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of object names in the GetArtifactFile function. An attacker can execute arbitrary JavaScript in another user's browser by crafting malicious workflows that produce an HTML artifact enabling...

CVSS 9, AI score 6, EPSS 0.00245
Exploits 1, References 2
Snyk
added 2026/01/21 10:46 p.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of object names in the GetArtifactFile function. An attacker can execute arbitrary JavaScript in another user's browser by crafting malicious workflows that produce an HTML artifact enabling...

CVSS 9, AI score 6, EPSS 0.00245
Exploits 1, References 2
NVD
added 2026/01/21 9:16 p.m., 11 views

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVSS 9.6, EPSS 0.00713
Exploits 1, References 2
ATTACKERKB
added 2026/01/21 8:54 p.m., 2 views

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVSS 9.6, AI score 5.8, EPSS 0.00713
Exploits 1, References 3, Affected Software 1
Cvelist
added 2026/01/21 8:54 p.m., 16 views

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVSS 9.6, EPSS 0.00713
Exploits 1, References 2
Vulnrichment
added 2026/01/21 8:54 p.m., 5 views

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVSS 9.6, AI score 6, EPSS 0.00713
Exploits 1, References 2
CVE
added 2026/01/21 8:54 p.m., 17 views

CVE-2026-22792

5ire desktop AI assistant (cross-platform) prior to version 0.15.3 is affected by an unsafe HTML rendering vulnerability in the renderer context that allows untrusted HTML (including on* event attributes) to execute JavaScript. An attacker can inject an payload to call exposed bridge APIs (e.g.,...

CVSS 9.6, AI score 6, EPSS 0.00713
Exploits 1, References 2, Affected Software 1
OSV
added 2026/01/21 8:54 p.m., 4 views

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVSS 9.6, AI score 6, EPSS 0.00713
Exploits 1, References 4
EUVD
added 2026/01/21 8:54 p.m., 6 views

EUVD-2026-3778

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVSS 9.6, AI score 6, EPSS 0.00713
Exploits 1, References 2