21 matches found

OSV
added 2025/10/31 4:41 p.m. | 1 view

PSF-2025-13

If the value passed to os.path.expandvars is user-controlled, a performance degradation is possible when expanding environment variables...

CVSS 5.5 | AI score 6.9 | EPSS 0.00021
Exploits: 0 | References: 9
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-0755

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.0022
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2021-33538

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.7 | EPSS 0.0231
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2024-1655

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00634
Exploits: 0 | References: 7
NVD
added 2024/09/10 10:15 p.m. | 11 views

CVE-2024-45597

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...

CVSS 5.3 | EPSS 0.00759
Exploits: 0 | References: 2
OSV
added 2024/09/10 9:42 p.m. | 5 views

CVE-2024-45597 Pluto's http.request allows CR and LF in header values

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...

CVSS 5.3 | AI score 7.1 | EPSS 0.00759
Exploits: 0 | References: 4
CVE
added 2024/05/14 2:13 p.m. | 63 views

CVE-2024-34357

TYPO3 has a cross-site scripting vulnerability in the ShowImageController (eID tx_cms_showpic) caused by improper encoding of user-controlled values in file entities. The issue affects versions 9.0.0 up to but not including the fixed releases: 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, a...

CVSS 5.4 | AI score 5.1 | EPSS 0.00634
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2024/05/14 2:13 p.m. | 16 views

CVE-2024-34357 TYPO3 vulnerable to Cross-Site Scripting in ShowImageController

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the ShowImageController eID tx_cms_showpic is vulnerable to cross-si...

CVSS 5.4 | AI score 6.3 | EPSS 0.00634
Exploits: 0 | References: 5
OSV
added 2024/05/14 2:13 p.m. | 15 views

CVE-2024-34357 TYPO3 vulnerable to Cross-Site Scripting in ShowImageController

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the ShowImageController eID tx_cms_showpic is vulnerable to cross-si...

CVSS 5.4 | AI score 5.1 | EPSS 0.00634
Exploits: 0 | References: 7
Tenable Nessus
added 2024/05/14 12:00 a.m. | 18 views

TYPO3 9.0.0 < 9.5.48 ELTS / 10.0.0 < 10.4.45 ELTS / 11.0.0 < 11.5.37 / 12.0.0 < 12.4.15 / 13.0.0 < 13.1.1 XSS (TYPO3-CORE-SA-2024-009)

The version of TYPO3 installed on the remote host is prior to 9.0.0 < 9.5.48 ELTS / 10.0.0 < 10.4.45 ELTS / 11.0.0 < 11.5.37 / 12.0.0 < 12.4.15 / 13.0.0 < 13.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-009 advisory. - TYPO3 is an enterprise content management...

CVSS 5.4 | AI score 5.4 | EPSS 0.00634
Exploits: 0 | References: 2
Hacker One
added 2023/04/20 1:32 a.m. | 30 views

Ruby on Rails: Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability.

Incorrect handling of certain characters passed to the redirection functionality in Rails could lead to a single-click XSS vulnerability. This vulnerability allowed an attacker to control the href attribute in the HTML response and serve an XSS payload by preventing the redirect. The...

CVSS 4 | AI score 4 | EPSS 0.00207
Exploits: 2
OSV
added 2022/03/22 12:00 a.m. | 25 views

GHSA-HF8C-XR89-VFM5 Command Injection in ungit

The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

CVSS 8.8 | AI score 9.3 | EPSS 0.04231
Exploits: 1 | References: 6
Github Security Blog
added 2022/03/22 12:00 a.m. | 32 views

Command Injection in ungit

The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

CVSS 8.8 | AI score 6.6 | EPSS 0.04231
Exploits: 1 | References: 6 | Affected Software: 1
ATTACKERKB
added 2022/03/21 5:14 p.m. | 0 views

CVE-2022-25766

The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

CVSS 8.8 | AI score 7.3 | EPSS 0.04231
Exploits: 1 | References: 4
OSV
added 2021/09/01 6:24 p.m. | 16 views

GHSA-VWHC-PWW7-72X6 Code Injection in total.js

Total.js framework: the npm package total.js is a framework for the Node.js platform, written in pure JavaScript, similar to PHP's Laravel, Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code injection. This c...

CVSS 7.5 | AI score 7.5 | EPSS 0.00871
Exploits: 1 | References: 6
Cvelist
added 2021/05/14 7:10 p.m. | 38 views

CVE-2021-29550 Division by 0 in `FractionalAvgPool`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.FractionalAvgPool. This is because the...

CVSS 2.5 | AI score 5.6 | EPSS 0.00009
Exploits: 1 | References: 2
Packet Storm
added 2020/04/25 12:00 a.m. | 108 views

jQuery html() Cross Site Scripting

jQuery 3.5: Cross-Site Scripting (XSS) in html(). Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting (XSS) vulnerability found in jQuery's HTML parser. The Snyk open source security platform estimates that 84% of all websites may be...

Exploits: 0
NVD
added 2018/06/04 7:29 p.m. | 8 views

CVE-2017-0931

The html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean accepting user-controlled values...

CVSS 6.1 | AI score 6 | EPSS 0.0022
Exploits: 1 | References: 2
OSV
added 2018/06/04 7:29 p.m. | 6 views

CVE-2017-0931

The html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean accepting user-controlled values...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 2
Cvelist
added 2018/06/04 7:00 p.m. | 13 views

CVE-2017-0931

The html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean accepting user-controlled values...

AI score 5.9 | EPSS 0.0022
Exploits: 1 | References: 2