Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4256 matches found

OSV
OSVadded 2026/02/11 7:15 p.m.5 views

DEBIAN-CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

9.8CVSS8.6AI score0.00546EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/02/11 12:0 a.m.3 views

CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

6.4AI score0.00546EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/02/11 12:0 a.m.7 views

DiskCache 安全漏洞

DiskCache: Disk Backed Cache is a disk backup cache tool developed by Grant Jenks. Versions of DiskCache 5.6.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the default use of Python pickle for serialization, which could allow attackers to execute arbitrary co...

9.8CVSS7.6AI score0.00546EPSS
Exploits1References2
CVE
CVEadded 2026/02/11 12:0 a.m.41 views

CVE-2025-69872

CVE-2025-69872 affects DiskCache (python-diskcache) up to version 5.6.3, where default pickle-based serialization can lead to arbitrary code execution when a victim application reads from a cache directory that has been written to by an attacker with write access. The provided documents confirm t...

9.8CVSS6.4AI score0.00546EPSS
Exploits1References2
UbuntuCve
UbuntuCveadded 2026/02/11 12:0 a.m.7 views

CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

9.8CVSS7.6AI score0.00546EPSS
Exploits1References3
Debian CVE
Debian CVEadded 2026/02/11 12:0 a.m.7 views

CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

9.8CVSS8.6AI score0.00546EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2026/02/05 1:22 a.m.4 views

CVE-2026-25148

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

6.1CVSS5.8AI score0.00307EPSS
Exploits0References1
Snyk
Snykadded 2026/02/03 10:4 p.m.4 views

Cross-site Scripting (XSS)

Overview @builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unsafe virtual node serialization. An attacker can execute arbitra...

6.1CVSS5.5AI score0.00307EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/02/03 9:12 p.m.4 views

CVE-2026-25148

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/02/03 9:12 p.m.3 views

CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References2
OSV
OSVadded 2026/02/03 9:12 p.m.3 views

CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References4
EUVD
EUVDadded 2026/02/03 9:12 p.m.6 views

EUVD-2026-5166

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References2
CVE
CVEadded 2026/02/03 9:12 p.m.11 views

CVE-2026-25148

Summary (CVE-2026-25148) Qwik SSR vulnerability: prior to version 1.19.0, the server-side rendering path serializes virtual attributes in a way that can be exploited via XSS. An attacker could inject arbitrary scripts into server-rendered pages through unescaped virtual attributes, enabling scrip...

6.1CVSS5.8AI score0.00307EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blogadded 2026/02/03 8:47 p.m.7 views

Qwik SSR XSS via Unsafe Virtual Node Serialization

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

6.1CVSS6AI score0.00307EPSS
Exploits0References4Affected Software1
CNNVD
CNNVDadded 2026/02/03 12:0 a.m.4 views

Qwik 跨站脚本漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from server-side rendering of virtual property serialization, which allowed remote attackers to inject arbitrary web scripts...

6.1CVSS5.8AI score0.00307EPSS
Exploits0References2
RedHat Linux
RedHat Linuxadded 2026/01/30 6:51 p.m.2 views

Critical: Red Hat Security Advisory: Red Hat OpenShift Lightspeed 1.0.9 security update

Red Hat OpenShift Lightspeed 1.0.9 operand images, which provide security fixes and container updates. Red Hat OpenShift Lightspeed is a generative AI-based virtual assistant integrated into the OpenShift console. It can answer questions related to OpenShift and layered offerings. Security Fixes:...

9.3CVSS7.9AI score0.1383EPSS
Exploits4References3
Microsoft Secure
Microsoft Secureadded 2026/01/30 6:49 p.m.8 views

Case study: Securing AI application supply chains

The rapid adoption of AI applications, including agents, orchestrators, and autonomous workflows, represents a significant shift in how software systems are built and operated. Unlike traditional applications, these systems are active participants in execution. They make decisions, invoke tools,...

9.3CVSS6.3AI score0.1383EPSS
Exploits4
Microsoft Secure
Microsoft Secureadded 2026/01/30 6:49 p.m.6 views

Case study: Securing AI application supply chains

The rapid adoption of AI applications, including agents, orchestrators, and autonomous workflows, represents a significant shift in how software systems are built and operated. Unlike traditional applications, these systems are active participants in execution. They make decisions, invoke tools,...

9.3CVSS8.3AI score0.1383EPSS
Exploits4
Veracode
Veracodeadded 2026/01/27 2:28 p.m.8 views

Serialization Injection Vulnerability

LangChain is vulnerable to a Serialization Injection Vulnerability. The vulnerability is due to improper handling of user-controlled objects containing lc keys in the toJSON serialization logic, which allows an attacker to inject crafted data that is mistakenly treated as a trusted LangChain obje...

9.1CVSS6AI score0.00746EPSS
Exploits0References6Affected Software2
Veracode
Veracodeadded 2026/01/27 2:15 p.m.7 views

Serialization Injection Vulnerability

langchaincore is vulnerable to a Serialization Injection Vulnerability. The vulnerability is due to the dumps and dumpd functions not escaping user-controlled dictionaries containing the internal lc key, which allows an attacker to craft malicious input that is interpreted as a trusted LangChain...

9.3CVSS5.9AI score0.1383EPSS
Exploits4References9Affected Software1
Rows per page
Query Builder