Lucene search
+L

25 matches found

nvd
nvd
added 3 days ago6 views

CVE-2026-48257

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS0.00271EPSS
Exploits0References1
ossf
ossf
added 2026/07/08 4:35 p.m.10 views

Malicious code in chai-redirection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38236fbbdbbaa8f8ed9315c3a4ff01fbf049215896036b1cb68611681fe0eb00 chai-redirection presents itself as a chai assertion plugin but its main entry index.js unconditionally spawns a detached Node child process running...

6.2AI score
Exploits0References4
osv
osv
added 2026/06/16 4:22 p.m.20 views

MAL-2026-5908 Malicious code in chain-chai-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4287ff6637bb0d3109dcdc3082aece79d69deca2a3580ebf850ec1c13e8a3e00 [email protected] advertises itself as a pino-style logger keywords fast/logger/stream/json, exported alias module.exports.pino = middleware,...

5.8AI score
Exploits0References3
ossf
ossf
added 2026/06/16 4:22 p.m.10 views

Malicious code in chain-chai-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4287ff6637bb0d3109dcdc3082aece79d69deca2a3580ebf850ec1c13e8a3e00 [email protected] advertises itself as a pino-style logger keywords fast/logger/stream/json, exported alias module.exports.pino = middleware,...

5.8AI score
Exploits0References3
osv
osv
added 2026/06/11 5:6 a.m.18 views

MAL-2026-5579 Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/06/11 5:6 a.m.18 views

Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

6.1AI score
Exploits0References2
attackerkb
attackerkb
added 2026/04/14 5:33 p.m.3 views

CVE-2026-34614

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

6.1CVSS5.7AI score0.00187EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/07 9:17 a.m.7 views

CVE-2025-1484

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied ...

6.5CVSS7.1AI score0.00196EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-15437

Malware in sbrugna...

9.8CVSS9.1AI score0.01109EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-5459

Malware in sbrugna...

7.5CVSS7.8AI score0.03707EPSS
Exploits0References17
euvd
euvd
added 2025/10/07 12:30 a.m.42 views

EUVD-2020-5521

Malware in sbrugna...

6.1CVSS6.8AI score0.01982EPSS
Exploits5References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-5539

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00245EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-0218

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.01473EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-7259

Malicious code in bioql PyPI...

8.2CVSS8.1AI score0.0061EPSS
Exploits1References6
osv
osv
added 2025/07/28 4:41 p.m.9 views

GHSA-9Q4R-X2HJ-JMVR copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata

Summary An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. Details Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two way...

5.4CVSS7.1AI score0.00395EPSS
Exploits1References5
osv
osv
added 2025/07/07 10:15 a.m.10 views

CVE-2025-4779

lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting XSS. An unauthenticated attacker can inject malicious JavaScript into the v1/runs/ingest endpoint by adding an empty citations field, triggering a code path where dangerouslySetInnerHTML is used to render...

6.1CVSS8.7AI score0.00415EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/05/22 6:16 a.m.4 views

CVE-2018-1000847

FreshDNS version 1.0.3 and prior contains a Cross Site Scripting XSS vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to be exploitable via The attacker stores a specially crafted string as their Ful...

5.4CVSS6.2AI score0.00826EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 5:48 a.m.9 views

CVE-2019-10634

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields...

5.4CVSS5.7AI score0.00837EPSS
Exploits1References1
nvd
nvd
added 2025/03/03 8:15 p.m.25 views

CVE-2024-51959

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
nvd
nvd
added 2025/03/03 8:15 p.m.19 views

CVE-2024-51948

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
Rows per page
Query Builder