6 matches found

GitHub Security Blog
added yesterday | 4 views

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

Summary: An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenix_storybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...

CVSS 9.5 | AI score 6.8 | EPSS 0.00406
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added yesterday | 2 views

GHSA-55HG-8QXV-QJ4P PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

Summary: An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenix_storybook playground accepts user-controlled attribute values over WebSocket and interpolates them unsanitized into a HEEx template that is subsequently...

CVSS 9.5 | AI score 6.8 | EPSS 0.00406
Exploits: 0 | References: 6

Snyk
added 2026/03/11 12:37 a.m. | 1 view

Command Injection

Overview: @siteboon/claude-code-ui is a web-based UI for Claude Code CLI. Affected versions of this package are vulnerable to Command Injection through the authenticateWebSocket process and unsanitized input in the WebSocket shell handler. An attacker can execute arbitrary operating system...

CVSS 9.8 | AI score 6.1 | EPSS 0.00526
Exploits: 1 | References: 2

Snyk
added 2026/02/26 12:17 a.m. | 5 views

Arbitrary Code Injection

Overview: storybook is a frontend workshop for building UI components and pages in isolation. Affected versions of this package are vulnerable to Arbitrary Code Injection via the WebSocket message handlers for creating and saving stories, specifically through unsanitized input in the...

CVSS 9.6 | AI score 6.4 | EPSS 0.00075
Exploits: 0 | References: 2

CNNVD
added 2025/12/03 12:0 a.m. | 1 view

Canonical MAAS Security Vulnerability

Canonical MAAS is a Canonical open source software for large-scale physical server management and automated deployment. A security vulnerability exists in Canonical MAAS that stems from improper validation of user websocket handler input, which could result in an authenticated, low-privileged...

CVSS 7.7 | AI score 6.3 | EPSS 0.00038
Exploits: 0 | References: 1

CNVD
added 2018/05/28 12:0 a.m. | 1 view

Martem TELEM-GW6/GWM Cross-Site Scripting Vulnerability

Martem specializes in providing remote control systems for monitoring and controlling distribution networks, and its customers include distribution companies as well as industrial and transportation companies that own their own power grids. A cross-site scripting vulnerability exists in Martem...

CVSS 6.1 | AI score 6.8 | EPSS 0.00449
Exploits: 0 | References: 1