CVE-2025-66093

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 4.8...

RockyLinux 10 : thunderbird (RLSA-2025:21843)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21843 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox:...

RLSA-2025:21843 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly compone...

CVE-2025-66067

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.13.1.2...

CVE-2025-66091 WordPress Stylish Cost Calculator plugin <= 8.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through = 8.1.5...

CVE-2025-66090 WordPress SKT Skill Bar plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through = 2.5...

PT-2025-47733

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through = 5.5.2...

PT-2025-47759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through = 8.1.5...

firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

WordPress Royal Elementor Addons plugin <= 1.7.1031 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Royal Elementor Addons versions = 1.7.1031...

WordPress LightGallery WP plugin <= 1.0.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin LightGallery WP versions = 1.0.5...

ALSA-2025:21881 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly compone...

Updated thunderbird packages fix security vulnerabilities

Race condition in the Graphics component. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. CVE-2025-13013 CVE-2025-13014: Use-after-free in the Audio/Video component. CVE-2025-13014 Spoofing issue in Firefox. CVE-2025-13015 Incorrect boundary conditions in the JavaScript:...

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...

firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Notifications component...