Lucene search
669 matches found

Tenable Nessus
added 2026/01/22 12:0 a.m., 7 views

Azure Linux 3.0 Security Update: uglify-js (CVE-2022-25858)

The version of uglify-js installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-25858 advisory. - The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial...

7.5 CVSS, 5.6 AI score, 0.0232 EPSS
Exploits: 1, References: 2

Snyk
added 2026/01/21 11:1 p.m., 4 views

Prototype Pollution

Overview: lodash.unset is the lodash method .unset exported as a module. Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete methods held in properties of global prototypes but cannot overwrite those properties. Detai...

8.2 CVSS, 6.7 AI score, 0.01535 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/01/20 12:0 a.m., 5 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, which stem from the issue of not releasing the allocated memory when converting X.509 certificate fields to UTF-8. These vulnerabilities can...

7.5 CVSS, 6.8 AI score, 0.0023 EPSS
Exploits: 0, References: 2

Veracode
added 2026/01/13 8:0 a.m., 7 views

Sensitive Information Disclosure

Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...

5 CVSS, 6.8 AI score, 0.00298 EPSS
Exploits: 0, References: 7, Affected Software: 12

RedhatCVE
added 2026/01/09 12:15 p.m., 8 views

CVE-2018-1000815

Brave Software Inc. Brave version 0.22.810 to 0.24.0 contains an Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...

4.3 CVSS, 6.8 AI score, 0.01123 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:52 a.m., 12 views

CVE-2009-4127

Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is...

9.3 CVSS, 7.3 AI score, 0.04959 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:38 a.m., 5 views

CVE-2003-1305

Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a JavaScript src attribute that recursively loads the current web page...

5 CVSS, 6.9 AI score, 0.01243 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 11:35 a.m., 10 views

CVE-2021-41780

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled...

7.8 CVSS, 7.7 AI score, 0.00503 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 11:35 a.m., 5 views

CVE-2021-41502

An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute...

5.4 CVSS, 5.6 AI score, 0.00526 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 9:11 a.m., 7 views

CVE-2022-35645

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

6.4 CVSS, 5.9 AI score, 0.00493 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/01/08 12:0 a.m., 3 views

OPEXUS eCASE Audit security vulnerability

OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Document Check Out feature, which could lead to cross-site scripting attacks...

5.5 CVSS, 5.9 AI score, 0.00207 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/01/07 9:38 a.m., 9 views

CVE-1999-0790

A remote attacker can read information from a Netscape user's cache via JavaScript...

2.6 CVSS, 6.7 AI score, 0.01017 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/12/29 7:27 a.m., 5 views

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: A potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...

5.3 CVSS, 4.6 AI score, 0.00309 EPSS
Exploits: 1, Affected Software: 2

CVE
added 2025/12/19 7:9 a.m., 11 views

CVE-2025-66495

CVE-2025-66495 is a confirmed use-after-free vulnerability in Foxit PDF Reader/Editor related to annotation handling. Affected products include Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and macOS. The issue arises when opening a PDF containing specially crafted JavaScript, w...

7.8 CVSS, 7.2 AI score, 0.00255 EPSS
Exploits: 0, References: 1, Affected Software: 2

Tenable Nessus
added 2025/12/18 12:0 a.m., 5 views

Mozilla Firefox < 1.5.0.4

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 1.5.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2006-31 advisory. - EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via...

9.3 CVSS, 8.2 AI score, 0.02753 EPSS
Exploits: 0, References: 3

IBM Security Bulletins
added 2025/11/26 10:32 a.m., 13 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiali...

7.5 CVSS, 6.4 AI score, 0.00633 EPSS
Exploits: 2, Affected Software: 1

Tenable Nessus
added 2025/11/24 12:0 a.m., 3 views

Google Chrome < 67.0.3396.87 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 67.0.3396.87. It is, therefore, affected by a vulnerability as referenced in the 201806stable-channel-update-for-desktop12 advisory. - Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote...

8.8 CVSS, 8.2 AI score, 0.00726 EPSS
Exploits: 0, References: 3

OSV
added 2025/11/11 4:15 p.m., 4 views

CVE-2025-13016

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 5

RedHat Linux
added 2025/11/10 1:18 a.m., 4 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

6.5 CVSS, 6.5 AI score, 0.0021 EPSS
Exploits: 0, References: 6

Snyk
added 2025/11/05 12:52 a.m., 3 views

Prototype Pollution

Overview: expr-eval-fork is a mathematical expression evaluator fork with a prototype pollution fix. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access (IMEMBER) and user-defined functions (IFUNDEF) in the expression evaluator. An attacker can execute...

9.8 CVSS, 8.1 AI score, 0.02285 EPSS
Exploits: 0, References: 3