
8731 matches found

CVE
added 2026/02/03 1:4 a.m., 20 views

CVE-2025-61655

CVE-2025-61655 is a stored XSS vulnerability in Wikimedia Foundation VisualEditor. Public details identify vulnerable components as includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, and modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js, affecting Visual...

6.1 CVSS, 5.2 AI score, 0.00144 EPSS
Exploits 0, References 1, Affected Software 1
CVE
added 2026/02/03 1:2 a.m., 24 views

CVE-2025-61656

CVE-2025-61656 is a cross-site scripting (XSS) vulnerability in Wikimedia Foundation VisualEditor, caused by improper input neutralization in ve.Ce.ClipboardHandler.Js. Affected products/versions: VisualEditor before 1.39.14, 1.43.4, and 1.44.1. Impact is primarily client-side, enabling script ex...

6.1 CVSS, 5.2 AI score, 0.00149 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2026/02/03 12:0 a.m., 3 views

WordPress plugin Visual Link Preview security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5 CVSS, 5.8 AI score, 0.00315 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/02/03 12:0 a.m., 3 views

PT-2026-6232

Name of the Vulnerable Software and Affected Versions Brecht Visual Link Preview versions through 2.2.9 Description A missing authorization flaw exists in Brecht Visual Link Preview, potentially allowing exploitation due to incorrectly configured access control security levels. Recommendations...

5.4 AI score, 0.00315 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/02/03 12:0 a.m., 3 views

PT-2026-6250

Name of the Vulnerable Software and Affected Versions Atarim versions through 4.3.1 Description An authorization issue exists in Vito Peleg Atarim atarim-visual-collaboration, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update Atarim to a...

5.3 CVSS, 5.4 AI score, 0.00171 EPSS
Exploits 0, References 3
EUVD
added 2026/02/02 10:36 a.m., 5 views

EUVD-2026-5137

A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET...

7.5 CVSS, 5.5 AI score, 0.00607 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/02/02 12:0 a.m., 3 views

PT-2026-5654

Name of the Vulnerable Software and Affected Versions huggingface/text-generation-inference version 3.3.6 huggingface/text-generation-inference versions prior to 3.3.7 Description A flaw exists in huggingface/text-generation-inference that allows unauthenticated remote attackers to cause a...

7.5 CVSS, 7.4 AI score, 0.00607 EPSS
Exploits 0, References 8
GithubExploit
added 2026/01/31 6:52 a.m., 167 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

SCTT-2026-33-0002: DWM Visual-Field Singularity 📡 Theoret...

7.8 CVSS, 5.9 AI score, 0.05028 EPSS
Exploits 5
GithubExploit
added 2026/01/31 6:40 a.m., 188 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

SCTT-2026-33-0002: DWM Visual-Field Singularity 📡 Theoret...

7.8 CVSS, 5.9 AI score, 0.05028 EPSS
Exploits 5
IBM Security Bulletins
added 2026/01/30 8:30 a.m., 6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses glob which is vulnerable to CVE-2025-64756.

Summary IBM Maximo Application Suite - Visual Inspection component uses glob which is vulnerable to CVE-2025-64756. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the she...

7.5 CVSS, 6.3 AI score, 0.03026 EPSS
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2026/01/30 8:29 a.m., 11 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang-jwt which is vulnerable to CVE-2025-30204

Summary IBM Maximo Application Suite - Visual Inspection component uses golang-jwt which is vulnerable to CVE-2025-30204. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation o...

7.5 CVSS, 5.9 AI score, 0.00645 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/01/30 8:28 a.m., 9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031

Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2025-66030 DESCRIPTION: Forge also called...

8.7 CVSS, 5.7 AI score, 0.00366 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/01/30 8:27 a.m., 8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816

Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436...

8.6 CVSS, 5.9 AI score, 0.00677 EPSS
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2026/01/30 8:24 a.m., 9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses min-document which is vulnerable to CVE-2025-57352

Summary IBM Maximo Application Suite - Visual Inspection component uses min-document which is vulnerable to CVE-2025-57352. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2025-57352 DESCRIPTION: A vulnerability exists in the...

5.3 CVSS, 6.1 AI score, 0.00325 EPSS
Exploits 0, Affected Software 1
OSV
added 2026/01/29 9:37 p.m., 4 views

CVE-2026-25046 [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9 CVSS, 6.1 AI score, 0.00113 EPSS
Exploits 0, References 3
Cvelist
added 2026/01/29 9:37 p.m., 20 views

CVE-2026-25046 [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9 CVSS, 0.00113 EPSS
Exploits 0, References 1
Packet Storm News
added 2026/01/29 12:0 a.m., 1 views

Microsoft Windows Script Host 5.812 File Generator

Microsoft Windows Script Host version 5.812 .vbs file generation tool that can be used to establish persistence on Windows systems...

5.9 AI score
Exploits 0
The Hacker News
added 2026/01/28 5:46 p.m., 12 views

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised...

6.2 AI score
Exploits 0
OSV
added 2026/01/28 5:28 p.m., 3 views

DRUPAL-CONTRIB-2026-006

This Drupal Canvas module is a new visual page builder for Drupal. You can create reusable components that match your design system, drag them onto a page, edit content in place, preview changes across multiple pages, and undo mistakes with ease. The module doesn't sufficiently validate access to...

4.8 CVSS, 5.9 AI score, 0.00138 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/01/28 12:0 a.m., 3 views

PT-2026-5242

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions prior to 1.0.4 Description The Drupal Canvas module has an authorization issue that allows forceful browsing of Canvas Pages when they are unpublished. The module does not adequately validate access to Canvas Pages,...

4.8 CVSS, 5.4 AI score, 0.00138 EPSS
Exploits 0, References 6