
5125 matches found

OSV
added 2025/07/28 5:15 p.m., 5 views

CVE-2025-54527

In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions...

CVSS 6.1, AI score 5.8, EPSS 0.00247
Exploits: 0, References: 1

Cvelist
added 2025/07/28 4:20 p.m., 9 views

CVE-2025-54527

In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions...

CVSS 6.1, EPSS 0.00247
Exploits: 0, References: 1

CVE
added 2025/07/28 4:20 p.m., 19 views

CVE-2025-54527

CVE-2025-54527 affects JetBrains YouTrack. The issue is an improper iframe configuration in the widget sandbox that allows popups to bypass security restrictions. Affects YouTrack versions prior to 2025.2.86935 and includes 2025.2.86935, 2025.2.87167, 2025.3.87341, and 2025.3.87344. The Red Hat/R...

CVSS 6.1, AI score 6.6, EPSS 0.00247
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/07/28 4:20 p.m., 4 views

CVE-2025-54527

In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions...

CVSS 6.1, AI score 6.6, EPSS 0.00247
Exploits: 0, References: 1

Positive Technologies
added 2025/07/28 12:00 a.m., 7 views

PT-2025-31117 · Jetbrains · Jetbrains Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2025.2.86935 JetBrains YouTrack version 2025.2.86935 JetBrains YouTrack versions 2025.2.86935 through 2025.2.87167 JetBrains YouTrack version 2025.3.87341 JetBrains YouTrack versions 2025.3.87341 through...

CVSS 6.4, AI score 6.6, EPSS 0.00247
Exploits: 0, References: 6

CNNVD
added 2025/07/28 12:00 a.m., 6 views

JetBrains YouTrack security vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack that stems from an iframe...

CVSS 6.1, AI score 6.5, EPSS 0.00247
Exploits: 0, References: 2

CVE
added 2025/07/26 6:43 a.m., 24 views

CVE-2025-6987

The CVE-2025-6987 entry concerns the WordPress plugin Advanced iFrame. A stored XSS exists in the advanced_iframe shortcode across versions up to 2025.5 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires at least contributor-level (authen...

CVSS 6.4, AI score 5.5, EPSS 0.00283
Exploits: 0, References: 5

Cvelist
added 2025/07/26 6:43 a.m., 8 views

CVE-2025-6987 Advanced iFrame <= 2025.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2025.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00283
Exploits: 0, References: 5

Positive Technologies
added 2025/07/26 12:00 a.m., 5 views

PT-2025-30963 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions prior to 2025.5 Description: The Advanced iFrame plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin's advanced iframe shortcode. Insufficient input sanitization...

CVSS 6.4, AI score 5.7, EPSS 0.00283
Exploits: 0, References: 8

CNNVD
added 2025/07/26 12:00 a.m., 2 views

WordPress plugin Advanced iFrame cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4, AI score 5.6, EPSS 0.00283
Exploits: 0, References: 6

CNNVD
added 2025/07/23 12:00 a.m., 3 views

NodeJS security vulnerability

NodeJS is a JavaScript runtime environment based on the ChromeV8 engine from the OpenJS Foundation. By encapsulating the Chromev8 engine and using event-driven and non-blocking IO applications make it possible to develop high-performance backend applications in Javascript. A security vulnerabilit...

CVSS 6.1, AI score 6.3, EPSS 0.003
Exploits: 1, References: 5

Vulnrichment
added 2025/07/22 11:24 p.m., 5 views

CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking

HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...

CVSS 4.3, AI score 6.1, EPSS 0.003
Exploits: 1, References: 3

CVE
added 2025/07/22 11:24 p.m., 32 views

CVE-2025-54139

CVE-2025-54139 affects HAX CMS NodeJS and PHP backends. Versions haxcms-nodejs ≤ 11.0.12 and haxcms-php ≤ 11.0.7 expose pages without anti-iframe headers, enabling unauthenticated attackers to load sensitive pages (including login) in an iframe and perform a UI redress (clickjacking). Impact is U...

CVSS 6.1, AI score 6.8, EPSS 0.003
Exploits: 1, References: 3, Affected Software: 2

OSV
added 2025/07/22 11:24 p.m., 4 views

CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking

HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...

CVSS 4.3, AI score 6.4, EPSS 0.003
Exploits: 1, References: 5

Mozilla
added 2025/07/22 12:00 a.m., 14 views

Security Vulnerabilities fixed in Firefox 141 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

CVSS 9.8, AI score 7.4, EPSS 0.00472
Exploits: 0, References: 20, Affected Software: 1

OSV
added 2025/07/21 9:12 p.m., 5 views

GHSA-54VW-F4XF-F92J HAX CMS application pages vulnerable to clickjacking

Summary All pages within the HAX CMS application do not contain headers to stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites. PoC To replicate this vulnerability, load the target page in an iframe and observe the rendered content. Impact ...

CVSS 4.3, AI score 6, EPSS 0.003
Exploits: 1, References: 5

Github Security Blog
added 2025/07/21 9:12 p.m., 9 views

HAX CMS application pages vulnerable to clickjacking

Summary All pages within the HAX CMS application do not contain headers to stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites. PoC To replicate this vulnerability, load the target page in an iframe and observe the rendered content. Impact ...

CVSS 6.1, AI score 6.8, EPSS 0.003
Exploits: 1, References: 5, Affected Software: 2

Positive Technologies
added 2025/07/21 12:00 a.m., 7 views

PT-2025-30361 · Hax Cms · Hax Cms

Name of the Vulnerable Software and Affected Versions: HAX CMS versions 11.0.7 and below PHP HAX CMS versions 11.0.12 and below NodeJS Description: HAX CMS does not include headers to prevent websites from loading the application within an iframe. This affects both the CMS and generated sites. An...

CVSS 6.1, AI score 6.4, EPSS 0.003
Exploits: 1, References: 11

OSV
added 2025/07/18 2:48 p.m., 4 views

OESA-2025-1835 thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and...

CVSS 9.8, AI score 9.4, EPSS 0.32568
Exploits: 4, References: 87

Packet Storm
added 2025/07/16 12:00 a.m., 98 views

Beakon Cross Site Scripting / Open Redirection

Beakon versions prior to 5.4.3 suffer from cross site scripting and open redirection vulnerabilities. I am submitting a news article for publishing my recent Zero day vulnerability. I have already contacted MITRE and have CVE-2025-46102 reserved now. Please find below details: Title: Unsensitized...

CVSS 5.4, AI score 6.7, EPSS 0.00254
Exploits: 1