Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CVE
CVEadded 2026/03/17 11:59 p.m.9 views

CVE-2026-27978

Next.js (React framework) vulnerability CVE-2026-27978: in versions 16.0.1 up to 16.1.7, origin: null was treated as missing during Server Action CSRF validation, allowing requests from opaque contexts (e.g., sandboxed iframes) to bypass origin verification and potentially trigger state-changing ...

5.3CVSS5.8AI score0.00009EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/02/25 2:48 a.m.4 views

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

8.8CVSS6AI score0.00131EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/02/25 2:48 a.m.5 views

EUVD-2026-8602

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

5.9CVSS6AI score0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2023/02/20 12:0 a.m.5 views

CVE-2023-26081

In Epiphany aka GNOME Web through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts...

6.7AI score0.00176EPSS
Exploits1References5
NVD
NVDadded 2022/07/13 9:15 a.m.10 views

CVE-2019-10761

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

8.3CVSS0.00818EPSS
Exploits1References3
OSV
OSVadded 2022/07/13 9:15 a.m.10 views

CVE-2019-10761

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

8.3CVSS8.5AI score
Exploits0References3
Mozilla
Mozillaadded 2008/02/07 12:0 a.m.37 views

Privilege escalation, XSS, Remote Code Execution — Mozilla

Mozilla contributors mozbugra4 and Boris Zbarsky submitted a series of vulnerabilities which allow scripts from page content to escape from its sandboxed context and/or run with chrome privileges. An additional vulnerability reported by mozbugra4 demonstrated that the XMLDocument.load function ca...

4.3CVSS5.3AI score0.02001EPSS
Exploits1References2Affected Software3
Rows per page
Query Builder