19 matches found

RedhatCVE
added 2026/04/30 8:48 p.m. · 3 views

CVE-2026-35569

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields SEO Title and Meta Description, where user-controlled input is rendered without proper output encoding into HTML contexts includin...

8.7 CVSS · 5.4 AI score · 0.00037 EPSS
Exploits 1 · References 1
UbuntuCve
added 2026/04/24 6:16 p.m. · 1 views

CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

6.5 CVSS · 5.8 AI score · 0.00202 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2026/04/22 4:4 p.m. · 1 views

CVE-2026-5816

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...

8 CVSS · 6.1 AI score · 0.00018 EPSS
Exploits 0 · References 4 · Affected Software 1
Snyk
added 2026/03/04 9:45 p.m. · 1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getDynamicIcon endpoint when attacker-controlled input is embedded into SVG output without proper sanitization. An attacker can execute arbitrary JavaScript in the context of the web application by...

9.3 CVSS · 7.3 AI score · 0.00462 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/10/14 12:0 a.m. · 1 views

PT-2025-42183

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

5.4 CVSS · 5.8 AI score · 0.00144 EPSS
Exploits 3 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2012-4613

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.00492 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2025/08/18 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2013-6668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service...

7.5 CVSS · 7.5 AI score · 0.1282 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/08/14 3:49 p.m. · 2 views

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

7.1 CVSS · 7.3 AI score · 0.0005 EPSS
Exploits 0 · References 1
Snyk
added 2025/02/03 3:39 p.m. · 1 views

Cross-site Scripting (XSS)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the generateRow method. An attacker can execute arbitrary JavaScript code in the user's browser...

5.4 CVSS · 5.5 AI score · 0.00113 EPSS
Exploits 0 · References 2
CNNVD
added 2023/09/13 12:0 a.m. · 1 views

Proofpoint Insider Threat Management Cross-Site Scripting Vulnerability

Proofpoint Insider Threat Management Proofpoint ITM is an insider threat management system from Proofpoint Corporation. A cross-site scripting vulnerability exists in Proofpoint Insider Threat Management versions prior to 7.14.3.69, which stems from the presence of a Reflected Cross-Site Scriptin...

4.8 CVSS · 5.5 AI score · 0.0019 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/05/03 12:0 a.m. · 2 views

PT-2023-20332 · Opentsdb · Opentsdb

Name of the Vulnerable Software and Affected Versions: OpenTSDB affected versions not specified Description: The issue is caused by insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint. This allows an attacker to inject and execut...

8.2 CVSS · 6.1 AI score · 0.00574 EPSS
Exploits 0 · References 7
CNNVD
added 2022/12/14 12:0 a.m. · 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

5.4 CVSS · 6.1 AI score · 0.01739 EPSS
Exploits 0 · References 3
Gitee
added 2021/05/30 10:1 a.m. · 4 views

Exploit for Injection in Google Android

This is a full exploit for CVE-2016-6754, also known as BadKernel. The exploit is a proof-of-concept PoC code that demonstrates a vulnerability in the Linux kernel. The code is written in JavaScript and is intended to be used for educational purposes only. The exploit targets a vulnerability in t...

8.8 CVSS · 7.6 AI score · 0.28454 EPSS
Exploits 3
CNVD
added 2020/03/12 12:0 a.m. · 2 views

Abacus OAuth Login Cross-Site Scripting Vulnerability

Abacus OAuth Login is a single sign-on software from Abacus Switzerland. A cross-site scripting vulnerability exists in oauth/oauth2/v1/saml/ in version 201901r4201910210000 prior to Abacus OAuth Login R4 20.11.2019 Hotfix, which can be exploited by an attacker to execute JavaScript code in a...

6.1 CVSS · 6.4 AI score · 0.00328 EPSS
Exploits 1 · References 1
CNVD
added 2020/01/13 12:0 a.m. · 3 views

Multiple vendor based Broadcom cable modems buffer overflow vulnerability

Sagemcom F@st 5260, Sagemcom F@st 3890 etc. is a router. Technicolor TC7230 STEB is a wireless router. A buffer overflow vulnerability exists in Broadcom cable modems based on multiple vendors. A remote attacker could execute arbitrary code in the kernel via JavaScript running in the victim's...

9.3 CVSS · 8.1 AI score · 0.69068 EPSS
Exploits 3 · References 1
CNVD
added 2019/01/15 12:0 a.m. · 2 views

AudioCodes 400HD Cross-Site Scripting Vulnerability

AudioCodes 400HD is a 400HD series IP phone product from AudioCodes Israel. A cross-site scripting vulnerability exists in AudioCodes 400HD, which can be exploited by remote attackers to execute JavaScript code in a user's browser...

4.8 CVSS · 6.6 AI score · 0.00229 EPSS
Exploits 3 · References 1
Tenable Nessus
added 2018/01/08 12:0 a.m. · 14 views

FreeBSD : mozilla -- Speculative execution side-channel attack (8429711b-76ca-474e-94a0-6b980f1e2d47)

Mozilla Foundation reports : Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated tha...

5.4 AI score
Exploits 0 · References 2
FreeBSD
added 2018/01/04 12:0 a.m. · 13 views

mozilla -- Speculative execution side-channel attack

Mozilla Foundation reports: Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that...

6.6 AI score
Exploits 0 · References 1
CNVD
added 2015/09/07 12:0 a.m. · 4 views

Schneider Electric Modicon PLC Cross-Site Scripting Vulnerability

Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. A cross-site scripting vulnerability exists in the implementation of Modicon PLC, which can be exploited by an attacker to construct a specific URL and execute arbitrary Java...

5.4 CVSS · 6.6 AI score · 0.00376 EPSS
Exploits 0 · References 1