NPM: n8n Has an XML Node Prototype Pollution Patch Bypass

NPM: n8n Has an XML Node Prototype Pollution Patch Bypass vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

NPM: n8n Has an Arbitrary File Read via Git Node

NPM: n8n Has an Arbitrary File Read via Git Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

EUVD-2025-11140

Malicious code in bioql PyPI...

CVE-2025-32388

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can explo...

CVE-2025-32388 SvelteKit allows XSS via tracked search_params

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can explo...

CVE-2025-32388 SvelteKit allows XSS via tracked search_params

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can explo...

CVE-2025-32388 SvelteKit allows XSS via tracked search_params

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can explo...

CVE-2025-32388

CVE-2025-32388 affects SvelteKit prior to v2.20.6 where unsanitized iteration over event.url.searchParams in a server load function enables XSS. The issue is fixed in 2.20.6; upgrade to 2.20.6 or later.

PT-2025-16545

Name of the Vulnerable Software and Affected Versions SvelteKit versions prior to 2.20.6 Description The issue arises from unsanitized search param names, leading to an XSS vulnerability. This occurs when iterating over all entries of event.url.searchParams inside a server load function. Attacker...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications, and forms. A cross-site scripting vulnerability exists in Adobe Experience Manager Core Components 2.20.6 and prior versions, which originates when a victim accesses a...

PT-2022-4095 · Adobe · Adobe Experience Manager Core Components

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager Core Components versions 2.20.6 and earlier Description: The issue is related to a reflected Cross-Site Scripting XSS vulnerability, which may allow an attacker to execute malicious JavaScript content within the conte...