CVE-2025-58485
Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script...
CVE-2025-58485
Samsung Internet prior to 29.0.0.48 is affected by an input validation issue that allows local attackers to inject arbitrary script. The root cause is improper input validation in the browser component, enabling local exploitation without network access. Impact is confined to local attack vectors...
EUVD-2025-200133
Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script...
EUVD-2025-200102
Grav Admin Plugin vulnerable to Stored Cross-Site Scripting (XSS): endpoint /admin/config/site, parameter datataxonomies...
CVE-2025-65187
CVE-2025-65187 describes a Stored XSS in CiviCRM prior to v6.7, specifically in the Accounting Batches field. An authenticated user can inject JavaScript into that field, which executes when the page is viewed. The vulnerability is documented across multiple feeds (NVD/Red Hat/Nessus/EUVD/OSV/Ubu...
PT-2025-48603
Name of the Vulnerable Software and Affected Versions: Samsung Internet versions prior to 29.0.0.48. Description: Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script. This allows for the execution of malicious code within the...
PT-2025-48640
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
SAMSUNG Internet Security Vulnerability
SAMSUNG Internet is a mobile phone application from the South Korean company Samsung that provides browser functionality. A security vulnerability exists in SAMSUNG Internet versions prior to 29.0.0.48, which stems from improper input validation and could allow a local attacker to inject...
EUVD-2025-199993
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...
CVE-2025-30190
Malicious content in office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline.com" by only letting...
EUVD-2025-199814
Malicious content in office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...
CVE-2025-30190
CVE-2025-30190 affects Open-Xchange OX App Suite. Malicious content in office documents can inject script code during document editing, executing unintended actions in the user’s context and potentially exfiltrating sensitive data. No public exploits are known. Root cause involves script injectio...
EUVD-2025-199793
The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
EUVD-2025-199792
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'orderby' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
PT-2025-48221
The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...