Lucene search
K

142 matches found

OSV
OSV
added 2025/11/18 3:16 p.m.5 views

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...

5.4CVSS5.8AI score0.00235EPSS
Exploits1References1
CVE
CVE
added 2025/11/18 12:0 a.m.15 views

CVE-2025-63883

CVE-2025-63883 affects electic-shop v1.0. The vulnerability is a DOM-based XSS in client-side code that reads attacker-controlled input (e.g., URL parameters or fragment) and writes it into the DOM using unsafe sinks such as innerHTML, insertAdjacentHTML, or document.write without proper sanitiza...

5.4CVSS6AI score0.00235EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/11 4:18 p.m.2 views

CVE-2025-23361

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...

7.8CVSS6.8AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2025/11/06 12:0 a.m.23 views

CVE-2025-63589

CMSimple_XH 1.8 is affected by a reflected XSS in the index.php router: attacker-controlled path segments are not sanitized/encoded before being inserted into generated HTML (navigation links, breadcrumbs, search form action, footer links), allowing arbitrary JavaScript in victims’ browsers via a...

7.1CVSS6AI score0.00323EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2025/10/31 6:31 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the selectedLanguageId parameter. An attacker can execute arbitrary web scripts or inject HTML by supplying crafted input to this parameter. Details Cross-site scripting or XSS is a code vulnerability that...

6.1CVSS5.5AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0631

Malware in sbrugna...

7.5CVSS7.6AI score0.01606EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2020-24472

Malware in sbrugna...

6CVSS6AI score0.00299EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2012-6586

Malware in sbrugna...

10CVSS6.4AI score0.01586EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1007

Malware in sbrugna...

9.8CVSS9.3AI score0.04164EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-24935

Malicious code in bioql PyPI...

4.9CVSS6.4AI score0.00344EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1254

Malicious code in bioql PyPI...

9.8CVSS7.4AI score0.02081EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-7029

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00873EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-46589

Malicious code in bioql PyPI...

5.9CVSS7.6AI score0.01325EPSS
Exploits1References4
Veracode
Veracode
added 2025/10/03 5:1 a.m.6 views

Insecure Deserialization

DeepDiff is vulnerable to insecure deserialization.The vulnerability is due to class pollution via the Delta class constructor which, when combined with a gadget in DeltaDiff, allows an attacker to modify deepdiff.serialization.SAFETOIMPORT and trigger insecure Pickle deserialization through Delt...

10CVSS7.9AI score0.01056EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2025/08/20 10:54 a.m.5 views

Remote Code Execution (RCE)

@nestjs/devtools-integration is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper sandboxing and missing cross-origin protections due to unsafe execution of attacker-controlled input in a JavaScript sandbox via the /inspector/graph/interact endpoint...

9.4CVSS7.9AI score0.43921EPSS
Exploits4References9Affected Software1
NVD
NVD
added 2025/08/08 7:15 p.m.7 views

CVE-2012-10044

MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking fileputcontents on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending...

10CVSS0.01586EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/08 6:11 p.m.13 views

CVE-2012-10044 MobileCartly 1.0 savepage.php Arbitrary File Creation

MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking fileputcontents on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending...

10CVSS0.01586EPSS
Exploits0References5
Snyk
Snyk
added 2025/06/19 4:19 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

6.3CVSS6.8AI score0.0035EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/19 4:19 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

6.3CVSS6.8AI score0.0035EPSS
Exploits0References2
Redos
Redos
added 2025/06/19 12:0 a.m.9 views

ROS-20250619-11

The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...

9.8CVSS7.3AI score0.00791EPSS
Exploits0
Rows per page
Query Builder