Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded 2026/04/27 6:15 p.m.3 views

EUVD-2026-25906

A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.baseurl results in server-side request forgery. Remote...

7.5CVSS7AI score0.00058EPSS
Exploits0References5
NVD
NVDadded 2026/04/01 4:17 a.m.1 views

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS0.00013EPSS
Exploits1References4
CVE
CVEadded 2026/04/01 3:15 a.m.8 views

CVE-2026-5252

The CVE-2026-5252 entry concerns z-9527 admin 1.0/2.0 with a vulnerability in the Message Create Endpoint. Specifically, manipulation of an as-yet-unknown function in /server/routes/message.js can cause cross-site scripting. The flaw is remotely exploitable and an exploit is publicly available. T...

5.1CVSS4.4AI score0.00013EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/04/01 3:15 a.m.30 views

CVE-2026-5252 z-9527 admin Message Create Endpoint message.js cross site scripting

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS0.00013EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/04/01 12:0 a.m.1 views

PT-2026-29447

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

5.1CVSS4.4AI score0.00013EPSS
Exploits1References5
OSV
OSVadded 2025/09/10 8:13 p.m.6 views

CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

7.1CVSS6.6AI score0.00082EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2025/09/10 12:0 a.m.6 views

PT-2025-37099

Name of the Vulnerable Software and Affected Versions: Angular versions 18.2.14 through 18.2.21 Angular versions 19.2.15 through 19.2.16 Angular versions 20.3.0 Angular versions 21.0.0-next.3 Description: Angular uses a DI container to hold request-specific state during server-side rendering. Due...

7.1CVSS6.4AI score0.00082EPSS
Exploits1References11
Rows per page
Query Builder