CVE-2025-13992

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-13992

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-13992

CVE-2025-13992 affects Google Chrome (Chrome/Chromium) prior to version 139.0.7258.66, involving a side-channel information leakage during Navigation and Loading that could allow a remote attacker to bypass site isolation via a crafted HTML page. Affected component/behavior is described in public...

CVE-2025-20385

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

CVE-2025-20385

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

CVE-2025-20385

CVE-2025-20385 affects Splunk Enterprise below 10.0.2, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.6, 10.0.2503.7, 9.3.2411.117. A high-privilege user (admin_all_objects) can craft a malicious payload via the href attribute of an anchor tag in a navigation bar collection, resul...

PT-2025-48957

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117 Description A user with the admin all objects privilege capability could potentially execut...

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1204)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1204 advisory. - In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6,...

Google Chrome < 126.0.6367.182 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 126.0.6367.182. It is, therefore, affected by multiple vulnerabilities as referenced in the 202407stable-channel-update-for-desktop advisory. - Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182...

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29421)

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

EUVD-2025-198334

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

CVE-2025-55126

Revive Adserver is affected by a stored XSS in the navigation/advertiser pages where campaign names are stored and later rendered without escaping. The vulnerability is exploitable by a low-privilege authenticated user who can store HTML/JS in campaign names via the admin Inventory → Banners adve...

Google Chrome < 67.0.3396.79 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 67.0.3396.79. It is, therefore, affected by a vulnerability as referenced in the 201806stable-channel-update-for-desktop advisory. - Incorrect implementation in Content Security Policy in Google Chrome prior to...

Revive Adserver 安全漏洞

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...