5 matches found
CVE-2025-64759
Homarr is an open-source dashboard. Prior to version 1.43.3, a stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an...
CVE-2025-64759 Homarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG Upload
Homarr is an open-source dashboard. Prior to version 1.43.3, a stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an...
CVE-2025-64759
CVE-2025-64759 affects Homarr before version 1.43.3, where a stored XSS flaw allows executing arbitrary JavaScript in a user’s browser via a malicious uploaded SVG. If an administrator views the page rendering or redirecting to the SVG, an attacker could add their account to the "credentials-admi...
WordPress Pixel Manager for WooCommerce plugin <= 1.43.3 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Pixel Manager for WooCommerce versions <= 1.43.3...
iDEFENSE Security Advisory 11.19.02a: Denial of Service Vulnerability in Linksys Cable/DSL Routers
iDEFENSE Security Advisory 11.19.02a: http://www.idefense.com/advisory/11.19.02a.txt Denial of Service Vulnerability in Linksys Cable/DSL Routers. November 19, 2002. I. BACKGROUND: Linksys Group Inc. currently sells several broadband router products,...