91 matches found
FacturaScripts 2025.43 - XSS
Exploit Title: FacturaScripts 2025.43 - XSS; Date: 30-12-2025; Exploit Author: VETTRIVEL U; Author Profile: https://www.linkedin.com/in/vettrivel2006; Vendor Homepage: https://facturascripts.com/; Software Link: https://github.com/NeoRazorX/facturascripts; Affected Versions: = 2025.4, = 2025.11, =...
PT-2026-26279
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker to steal cookie-based authentication credential...
CVE-2018-1000176
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's w...
CVE-2021-33853
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the...
CVE-2025-64443
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Summary: Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...
PT-2025-48198
Name of the Vulnerable Software and Affected Versions: Ray versions prior to 2.52.0 Description: Ray, an AI compute engine, is affected by a critical Remote Code Execution (RCE) issue. The problem stems from insufficient protection against browser-based attacks. The current defense relies on the...
EUVD-2018-3237
Malware in sbrugna...
EUVD-2020-4724
Malware in sbrugna...
EUVD-2017-10264
Malware in sbrugna...
EUVD-2021-14170
Malware in sbrugna...
CometJacking: One Click Can Turn Perplexity's Comet AI Browser Into a Data Thief
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky...
EUVD-2024-35904
Malicious code in bioql PyPI...
EUVD-2024-18493
Malicious code in bioql PyPI...
EUVD-2022-5619
Malicious code in bioql PyPI...
EUVD-2025-5583
Malicious code in bioql PyPI...
EUVD-2023-48107
Malicious code in bioql PyPI...
EUVD-2024-19232
Malicious code in bioql PyPI...
EUVD-2023-33026
Malicious code in bioql PyPI...
PT-2025-37744
Name of the Vulnerable Software and Affected Versions: color-string version 2.1.1 Description: The npm publishing account for color-string was compromised following a phishing attack. Version 2.1.1 was published with a malicious payload designed to redirect cryptocurrency transactions within...