
3862 matches found

NVD
added 2025/10/30 3:15 p.m., 7 views

CVE-2025-50574

Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...

6.1 CVSS, 0.0032 EPSS
Exploits: 1, References: 3
OSV
added 2025/10/30 10:15 a.m., 3 views

UBUNTU-CVE-2025-40086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

5.9 AI score, 0.0017 EPSS
Exploits: 0, References: 10
CVE
added 2025/10/30 12:0 a.m., 11 views

CVE-2025-50574

CVE-2025-50574 is an XSS vulnerability affecting the Glamour Salon Management System v1, specifically in the blog-details.php component. The issue arises from insufficient input filtering on the blog comment section parameter, allowing remote attackers to inject arbitrary script or HTML. Multiple...

6.1 CVSS, 5.6 AI score, 0.0032 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2025/10/30 12:0 a.m., 7 views

CVE-2025-50574

Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...

0.0032 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2025/10/30 12:0 a.m., 3 views

PT-2025-44408

Name of the Vulnerable Software and Affected Versions: Glamour Salon Management System version 1. Description: A cross-site scripting (XSS) issue exists in the blog-details.php component. This allows remote attackers to inject arbitrary web script or HTML through the blog comment section parameter. Th...

6.1 CVSS, 5.5 AI score, 0.0032 EPSS
Exploits: 1, References: 5
CNVD
added 2025/10/30 12:0 a.m., 4 views

JeecgBoot Path Traversal Vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has a path traversal vulnerability that stems from a path traversal vulnerability in the interface...

6.3 CVSS, 5.9 AI score, 0.00244 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/10/30 12:0 a.m., 12 views

Glamour Salon Management System Security Vulnerability

Glamour Salon Management System is a salon management system by the individual developer Hiruna Gallage. A security vulnerability exists in Glamour Salon Management System v1, which stems from the blog comment section parameter in blog-details.php not being filtered correctly, which could lead to...

6.1 CVSS, 6 AI score, 0.0032 EPSS
Exploits: 1, References: 4
Snyk
added 2025/10/29 10:49 p.m., 3 views

Malicious Package

Overview: jira-ticket-todo-comment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2
EUVD
added 2025/10/29 10:49 p.m., 5 views

EUVD-2025-36808

Malicious code in jira-ticket-todo-comment npm...

6.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/10/29 10:49 p.m., 4 views

Malicious code in jira-ticket-todo-comment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 37f93f4caecf2a8d9f056f2b72cb51b1905579bf89bf8c1e994e68028c24d2c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits: 0, References: 2
EUVD
added 2025/10/28 3:30 p.m., 9 views

EUVD-2025-36523

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...

5.1 CVSS, 5.5 AI score, 0.00453 EPSS
Exploits: 0, References: 4
OSV
added 2025/10/28 3:16 p.m., 5 views

CVE-2025-34314

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...

5.4 CVSS, 5.9 AI score, 0.00453 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/10/28 2:33 p.m., 5 views

CVE-2025-34314 IPFire < v2.29 Stored XSS via Time Constraint Rule URL Filter

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...

5.1 CVSS, 5.5 AI score, 0.00453 EPSS
Exploits: 0, References: 3
Redos
added 2025/10/28 12:0 a.m., 6 views

ROS-20251028-09

A vulnerability in the Java library for JSON-lib bean-component conversion is related to improper handling of unbalanced comment strings. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...

5.3 CVSS, 6.8 AI score, 0.15413 EPSS
Exploits: 0
Positive Technologies
added 2025/10/28 12:0 a.m., 9 views

PT-2025-44173

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198. Description: The software contains a stored cross-site scripting (XSS) issue that allows an authenticated attacker to inject arbitrary JavaScript code. This is achieved by manipulating the SRC, DST, a...

5.4 CVSS, 5.7 AI score, 0.00453 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2025/10/24 12:40 a.m., 5 views

CVE-2025-60859

Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...

6.1 CVSS, 6.5 AI score, 0.00258 EPSS
Exploits: 1, References: 1
NVD
added 2025/10/23 7:15 p.m., 4 views

CVE-2025-60859

Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...

6.1 CVSS, 0.00258 EPSS
Exploits: 1, References: 2
OSV
added 2025/10/23 7:15 p.m., 4 views

CVE-2025-60859

Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...

6.1 CVSS, 6.6 AI score
Exploits: 0, References: 2
Cvelist
added 2025/10/23 12:0 a.m., 6 views

CVE-2025-60859

Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...

0.00258 EPSS
Exploits: 1, References: 2
ICS
added 2025/10/22 6:45 p.m., 4 views

IBM DOORS Next Generation multiple vulnerabilities

RISK EVALUATION: IBM Engineering Requirements Management DOORS contains multiple vulnerabilities that require authentication. These vulnerabilities include the ability to cause an application denial of service and JavaScript execution in the victim's browser through stored cross site scripting...

6.5 AI score
Exploits: 0, References: 1