Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

730789 matches found

NVD
NVDadded 6 days ago7 views

CVE-2025-71331

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS0.00222EPSS
Exploits1References2
EUVD
EUVDadded 6 days ago6 views

EUVD-2025-210289

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS5.7AI score0.00222EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 6 days ago3 views

CVE-2025-71331

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS5.7AI score0.00222EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 6 days ago4 views

CVE-2025-71331 Flowise - Cross-Site Scripting in Chat Messages and Agent Workflows

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS5.7AI score0.00222EPSS
Exploits1References2
Cvelist
Cvelistadded 6 days ago28 views

CVE-2025-71331 Flowise - Cross-Site Scripting in Chat Messages and Agent Workflows

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS0.00222EPSS
Exploits1References2
CVE
CVEadded 6 days ago12 views

CVE-2025-71331

Flowise (pre-3.0.8) exposes a Cross-Site Scripting (XSS) vulnerability due to insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript via an iframe payload in chat or have a custom agent function return an external XSS payload. The inj...

6.1CVSS5.7AI score0.00222EPSS
Exploits1References2Affected Software1
CVE
CVEadded 6 days ago16 views

CVE-2026-56317

CVE-2026-56317 affects Nuxt before 4.4.7 and the 3.x branch before 3.21.7. The NoScript component writes slot content to innerHTML without escaping, enabling cross-site scripting via untrusted data in NoScript slots (e.g., route.query parameters). Impact is XSS in pages rendering NoScript content...

6.1CVSS5.7AI score0.00209EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKBadded 6 days ago3 views

CVE-2026-56317

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS5.7AI score0.00209EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 6 days ago25 views

CVE-2026-56317 Nuxt - Cross-Site Scripting via NoScript Component Slot Content

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS0.00209EPSS
Exploits0References4
EUVD
EUVDadded 6 days ago7 views

EUVD-2026-38112

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS5.7AI score0.00209EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 6 days ago4 views

CVE-2026-56317 Nuxt - Cross-Site Scripting via NoScript Component Slot Content

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS5.7AI score0.00209EPSS
Exploits0References4
OSV
OSVadded 6 days ago8 views

MAL-2026-6239 Malicious code in atlasora-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f33093da9f0bcf9358f3b00bd87e723d95267074539c72511ab58bff4172f092 The package declares a postinstall hook in package.json "postinstall": "node install.js" that auto-executes install.js on every npm install. install....

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 6 days ago11 views

Malicious code in atlasora-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f33093da9f0bcf9358f3b00bd87e723d95267074539c72511ab58bff4172f092 The package declares a postinstall hook in package.json "postinstall": "node install.js" that auto-executes install.js on every npm install. install....

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 6 days ago7 views

Malicious code in atlasora-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af2118f668c8e39caf15aeb52d365083d5bc6b9c1ae4d9ff6d007d348ba8b9e On npm install, the package runs install.js via the postinstall lifecycle hook. The script harvests installer-side secrets and POSTs them as JSON to ...

5.8AI score
Exploits0References1
OSV
OSVadded 6 days ago6 views

MAL-2026-6242 Malicious code in atlasora-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af2118f668c8e39caf15aeb52d365083d5bc6b9c1ae4d9ff6d007d348ba8b9e On npm install, the package runs install.js via the postinstall lifecycle hook. The script harvests installer-side secrets and POSTs them as JSON to ...

5.8AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletinsadded 6 days ago5 views

Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...

9.9CVSS6.7AI score0.01075EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 6 days ago5 views

Security Bulletin: Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation. .NET is used by IBM Robotic Process as part of it's development framework. This security bulletin identifies the fixes required to resolve these vulnerabilities Vulnerability Details CVEID:CVE-2026-26171...

7.5CVSS6.1AI score0.01088EPSS
Exploits2Affected Software1
GithubExploit
GithubExploitadded 6 days ago68 views

GumVulns

GumVulns A single-file PHP CLI that searches many vulnerabi...

10CVSS7.5AI score0.99999EPSS
Exploits347
GithubExploit
GithubExploitadded 6 days ago40 views

Web-Security-Audit-Skill

--- Features - Multi-language support: Automatic identi...

6.3AI score
Exploits0
GithubExploit
GithubExploitadded 6 days ago43 views

flowise-mcp-env-case-bypass-poc

Flowise 3.1.2 Custom MCP Environment Variable Case Bypass PoC...

6.3AI score
Exploits0
Rows per page
Query Builder