Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Cvelist
Cvelistadded 2026/03/10 9:7 p.m.23 views

CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS0.00103EPSS
Exploits1References1
NVD
NVDadded 2026/02/04 2:16 p.m.7 views

CVE-2025-15368

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

8.8CVSS0.0007EPSS
Exploits1References5
Veracode
Veracodeadded 2023/01/05 6:28 a.m.48 views

Cross-site Scripting (XSS)

graphite-web is vulnerable to cross-site scripting. The vulnerability exists because the views.py does not properly escape the template name attribute before being rendered, allowing an attacker to inject and execute malicious JavaScript...

5.4CVSS5.4AI score0.00179EPSS
Exploits1References5Affected Software2
Rows per page
Query Builder