CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

185 matches found

CVE•added yesterday•8 views

CVE-2026-52807

Summary (supported by provided docs): Gogs is affected by a DOM-based XSS in the New Issue page when a milestone name contains HTML/JS payloads. The root cause involves client-side rendering: milestone names are rendered with Go’s escaping in new_form.tmpl, but Semantic UI 2.4.2 uses preserveHTML...

4.8CVSS5.9AI score

Exploits0References4

OSV•added 2 days ago•4 views

GHSA-VCM5-GVMP-78MP Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8CVSS6AI score

Exploits0References5

Positive Technologies•added 2 days ago•5 views

PT-2026-51625

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Gitea affected versions not specified Description A stored DOM-based Cross-Site Scripting XSS issue exists where an attacker can store an HTML or JavaScript payload in a milestone name. When a user opens th...

4.8CVSS6AI score

Exploits0References8

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178725

Malicious code in geoarchaeology-superagent-entanglement-semantic-ui npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178455

Malicious code in ignite-hermes-ophiuchus-semantic-ui npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-175820

Malicious code in uninstall-semantic-ui-await-postcss npm...

EUVD•added 2025/11/13 3:23 a.m.•6 views

EUVD-2025-175425

Malicious code in zenobia-grus-readable-semantic-ui npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-176117

Malicious code in superflare-xenon-semantic-ui-fermiparadox npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-177500

Malicious code in oberon-semantic-ui-cors-dione npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-177445

Malicious code in ophiuchus-callisto-semantic-ui-lynx npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176673

Malicious code in resolvers-semantic-ui-cosmochemistry-andromeda npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-176434

Malicious code in semantic-ui-redis-dendrochronology-run-script npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178613

Malicious code in halley-pm2-semantic-ui-commitlint-config-angular npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-179000

Malicious code in eventhoriz-perseus-semantic-ui-antares npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-179898

Malicious code in callback-zephyr-semantic-ui-carpo npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•3 views

Malicious code in prettier-oberon-unuk-semantic-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1416ff5d8384ecbdb89cc7b68eabd1e69af5e47c782685dded612d683ca51e37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-178784

Malicious code in gammarayburst-semantic-ui-antares-juno npm...

EUVD•added 2025/11/13 3:23 a.m.•4 views

EUVD-2025-175906

Malicious code in transform-semantic-ui-eleventy-phoebe npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-180524

Malicious code in ablation-semantic-ui-readable-xerxes npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-177605

Malicious code in nightmare-semantic-ui-init-config npm...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by