PT-2025-45299
Name of the Vulnerable Software and Affected Versions: tagDiv Cloud Library versions prior to 3.9.2. Description: The tagDiv Cloud Library contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting (XSS) condition. This allows for the...
CVE-2025-63418
A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability arises from the application's client-side...
CVE-2024-51317
An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the domnodenormalize function...
Cross-site Scripting (XSS)
Overview: @cosmos.gl/graph is a GPU-based force graph layout and rendering Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to writing a user-controllable HTML string directly to the DOM without sanitization. An attacker can execute arbitrary JavaScript code in a...
CVE-2025-64362 WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS. This issue affects K Elements: from n/a through 5.5.0...
New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. "It allows any Chromium browser to collapse in 15-60 seconds...
CVE-2025-64208
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS. This issue affects Jannah - Extensions: from n/a through <= 1.1.4...
CVE-2025-64208 WordPress Jannah - Extensions plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS. This issue affects Jannah - Extensions: from n/a through <= 1.1.4...
EUVD-2025-35978
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designinvento DirectoryPress directorypress allows DOM-Based XSS. This issue affects DirectoryPress: from n/a through <= 3.6.25...
CVE-2025-62963
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS. This issue affects Estatik: from n/a through <= 4.3.1...
CVE-2025-62967
CVE-2025-62967 — WordPress Plugin DirectoryPress (
CVE-2025-62963
CVE-2025-62963 describes a DOM-based Cross-Site Scripting flaw in the WordPress plugin Estatik (Estatik Real Estate Plugin) due to improper input neutralization during web page generation. The initial record states impact on Estatik versions up to 4.1.13 (and connected sources indicate a broader ...
CVE-2025-62921
CVE-2025-62921 is a DOM-based XSS vulnerability in the WordPress plugin Bulk Auto Image Title Attribute (bulk-image-title-attribute)
PT-2025-43806
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS. This issue affects MapSVG: from n/a through <= 8.7.15...
PT-2025-43798
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS. This issue affects Bulk Auto Image Title Attribute: from n/a through <= 2.0.1...
CVE-2021-43768
In Malwarebytes For Teams v.1.0.990 and before, and fixed in v.1.0.1003 and later, a privilege escalation can occur via the COM interface running in mbamservice.exe...
EUVD-2021-30675
In Malwarebytes For Teams v.1.0.990 and before, and fixed in v.1.0.1003 and later, a privilege escalation can occur via the COM interface running in mbamservice.exe...
CVE-2021-43768
CVE-2021-43768 affects Malwarebytes For Teams up to v1.0.990; the issue is a privilege escalation via the COM interface running in mbamservice.exe. It is fixed in v1.0.1003 and later. The affected component is the COM interface, which can be leveraged to elevate privileges within the host. Remediatio...
CVE-2025-49923
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS. This issue affects Seriously Simple Podcasting: from n/a through <= 3.11.1...