Lucene search
K

735 matches found

Github Security Blog
Github Security Blog
added 2025/12/19 9:32 p.m.6 views

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

Impact Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some of DOM modifications for the link button next to the field e.g. the link address can be overriden. CSS can be manipulated to give the button arbitrary look and change it's size so that any...

6.9AI score
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/27 4:59 p.m.12 views

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

6.5CVSS8.4AI score0.00179EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/27 12:30 p.m.8 views

EUVD-2025-199820

In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...

6.9AI score0.00398EPSS
Exploits0References3
NVD
NVD
added 2025/11/27 12:15 p.m.17 views

CVE-2025-59302

In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...

4.7CVSS0.00398EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/11/27 9:5 a.m.5 views

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

...

6.5CVSS7AI score0.01829EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.6 views

PT-2025-48264

Name of the Vulnerable Software and Affected Versions Apache CloudStack versions 4.18.0 through 4.20.1 Apache CloudStack versions 4.21.0 through 4.21.9 Description An improper control of code generation 'Code Injection' issue exists in Apache CloudStack, specifically within several APIs accessibl...

4.7CVSS7.3AI score0.00398EPSS
Exploits0References9
EUVD
EUVD
added 2025/11/25 9:32 p.m.5 views

EUVD-2025-199634

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

6.5CVSS7.9AI score0.00179EPSS
Exploits0References5
OSV
OSV
added 2025/11/25 7:15 p.m.5 views

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

6.5CVSS5.8AI score0.00179EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48069

Name of the Vulnerable Software and Affected Versions SIGB PMB version 8.0.1.14 Description The software contains multiple SQL injection flaws in the /opac css/ajax selector.php component. These flaws are triggered through the id and datas parameters. The component is susceptible to manipulation...

6.5CVSS7.6AI score0.00179EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.5 views

SIGB PMB 安全漏洞

SIGB PMB is an open source integrated library management system from SIGB. A security vulnerability exists in SIGB PMB version v8.0.1.14, which stems from improper handling of the parameters id and datas in the component /opaccss/ajaxselector.php, which could lead to a SQL injection attack...

6.5CVSS7.7AI score0.00179EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/25 12:0 a.m.11 views

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

0.00179EPSS
Exploits0References2
CVE
CVE
added 2025/11/25 12:0 a.m.7 views

CVE-2025-61167

SIGB PMB v8.0.1.14 contains multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component, exploitable via the id and datas parameters. Root cause: improper handling of user-supplied input in that endpoint allows SQL commands to be injected, potentially leading to unauthoriz...

6.5CVSS8.1AI score0.00179EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2025/11/20 11:30 a.m.4 views

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp's familiar web interface, using social engineering tactics t...

6.8AI score
Exploits0
Veracode
Veracode
added 2025/11/19 10:5 a.m.6 views

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.item.selector.web is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in the asset author’s First Name, Middle Name, or Last Name fields, which allows an authenticated attacker to inject arbitrary web...

5.4CVSS6AI score0.00205EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/19 9:9 a.m.8 views

CVE-2025-9625

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS5.3AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 2025/11/18 9:15 a.m.7 views

CVE-2025-9625

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS0.00133EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/18 8:27 a.m.6 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS0.00133EPSS
Exploits0References4
CVE
CVE
added 2025/11/18 8:27 a.m.15 views

CVE-2025-9625

Affected software: WordPress Coil Web Monetization plugin. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation on the coil-get-css-selector handling in the maybe_restrict_content function. Impact: Unauthenticated attackers can trigger CSS selector detection functio...

4.3CVSS4.9AI score0.00133EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/18 8:27 a.m.5 views

EUVD-2025-197947

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS4.8AI score0.00133EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/18 8:27 a.m.2 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS4.9AI score0.00133EPSS
Exploits0References4
Rows per page
Query Builder