Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

106037 matches found

NVD
NVDadded 2026/05/07 8:16 p.m.9 views

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS0.00013EPSS
Exploits0References4
OSV
OSVadded 2026/05/07 8:16 p.m.3 views

DEBIAN-CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00013EPSS
Exploits0References1
OSV
OSVadded 2026/05/07 8:16 p.m.1 views

UBUNTU-CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS6AI score0.00013EPSS
Exploits0References8
UbuntuCve
UbuntuCveadded 2026/05/07 8:16 p.m.3 views

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.8AI score0.00013EPSS
Exploits0References7
Cvelist
Cvelistadded 2026/05/07 7:41 p.m.33 views

CVE-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

0.00013EPSS
Exploits0References4
CVE
CVEadded 2026/05/07 7:41 p.m.14 views

CVE-2026-39826

CVE-2026-39826 corresponds to an escaper bypass in Go’s html/template that can allow data inside a [removed] block to be incorrectly escaped if a trusted template author uses a [removed] tag with an empty or whitespace-only type attribute. This is described across multiple feeds (NVD, EUVD, Debia...

6.1CVSS5.9AI score0.00013EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVEadded 2026/05/07 7:41 p.m.7 views

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00013EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/05/07 7:41 p.m.4 views

CVE-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

5.9AI score0.00013EPSS
Exploits0References4
AlpineLinux
AlpineLinuxadded 2026/05/07 7:41 p.m.9 views

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00013EPSS
Exploits0
OSV
OSVadded 2026/05/07 7:21 p.m.2 views

GO-2026-4980 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00013EPSS
Exploits0References3
Snyk
Snykadded 2026/05/07 7:21 p.m.5 views

Improper Encoding or Escaping of Output

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report: If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type'...

6.1CVSS5.9AI score0.00013EPSS
Exploits0References3
NVD
NVDadded 2026/05/07 7:16 p.m.7 views

CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8CVSS0.00023EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/05/07 6:43 p.m.27 views

CVE-2026-41653 BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

7CVSS0.00062EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/07 6:5 p.m.3 views

CVE-2026-41904

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS5.7AI score0.00033EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploitadded 2026/05/07 4:35 p.m.80 views

Exploit for CVE-2026-7482

CVE-2026-7482: Ollama GGUF Heap OOB Read Reproduction This re...

9.1CVSS5.8AI score0.0004EPSS
Exploits2
NVD
NVDadded 2026/05/07 4:16 p.m.7 views

CVE-2026-36388

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

5.4CVSS0.00029EPSS
Exploits0References2
NVD
NVDadded 2026/05/07 4:16 p.m.5 views

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8CVSS0.00021EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/07 3:38 p.m.8 views

EUVD-2026-28360

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS5.8AI score0.00015EPSS
Exploits0References2
Microsoft CVE
Microsoft CVEadded 2026/05/07 2:0 p.m.3 views

Chromium: CVE-2026-8021 Script injection in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.2CVSS5.8AI score0.0001EPSS
Exploits0
NVD
NVDadded 2026/05/07 1:16 p.m.5 views

CVE-2026-6002

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS0.00015EPSS
Exploits0References1
Rows per page
Query Builder