Lucene search
K

154 matches found

CVE
CVE
added 5 days ago11 views

CVE-2026-55659

Grist has a cross-site scripting (XSS) vulnerability (CVE-2026-55659) in server-rendered pages caused by embedding user-controlled values into the page and inline scripts without proper escaping. The issue affects pages where a document’s name/description is rendered and where the OAuth2 end-of-f...

7.7CVSS5.8AI score0.00275EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 7:36 a.m.19 views

CVE-2026-57240

CVE-2026-57240 affects Foxit PDF Editor/Reader: when opening a PDF, if JavaScript deletes form fields, the app may still reference old field pointers, causing a use-after-free and crash. The CVSS/metrics indicate a HIGH impact with local access, requiring user interaction. No explicit exploit det...

7.8CVSS6AI score0.00128EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/07/08 7:36 a.m.32 views

CVE-2026-57243 Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability

During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...

6.1CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 7:36 a.m.10 views

CVE-2026-57259

Technical details about CVE-2026-57259 are not publicly available in the provided documents; no product/version/root-cause information is present here. Monitor for updates.

6.5CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 3:57 a.m.15 views

Malicious code in acc-document-editing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c82ee7b879d66ba2fb79ec7ad7fee47623c2c3b68c8a925510b1f42cd1e3456 The DocumentEditor React component exported by this package, when an end-user opens a.doc file, POSTs the raw file bytes to...

5.8AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.5 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.4CVSS5.8AI score0.00156EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/20 9:31 p.m.6 views

EUVD-2025-208909

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.8AI score0.00156EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 8:16 p.m.6 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.4CVSS0.00156EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:0 a.m.4 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.8AI score0.00156EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/20 12:0 a.m.4 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.8AI score0.00156EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

SyncFusion 安全漏洞

SyncFusion is a set of enterprise-level UI component development tools provided by the American company SyncFusion. Version 30.1.37 of SyncFusion contains a security vulnerability. This vulnerability stems from the Document-Editor’s reply comment field and Chat-UI chat messages, and could lead to...

5.4CVSS5.6AI score0.00156EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26666

CVE-2025-63260 SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message. https://t.co/lkPWuPDbql...

5.8AI score0.00156EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/20 12:0 a.m.24 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

0.00156EPSS
Exploits1References1
CVE
CVE
added 2026/03/20 12:0 a.m.20 views

CVE-2025-63260

SyncFusion 30.1.37 is affected by a Cross-Site Scripting (XSS) vulnerability exposed through the Document-Editor’s reply-to-comment field and the Chat-UI chat messages. The issues are present in the UI components of SyncFusion for version 30.1.37 and are described consistently across Red Hat and ...

5.4CVSS5.8AI score0.00156EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.7 views

CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

7.8CVSS7.5AI score0.00131EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 6:30 p.m.5 views

EUVD-2025-202706

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

7.8CVSS7.8AI score0.00131EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/11 6:30 p.m.8 views

EUVD-2025-202702

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

6.5CVSS7.3AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2025/12/11 4:16 p.m.5 views

CVE-2025-59803

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers e.g., JavaScript in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 4:16 p.m.20 views

CVE-2025-55314

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

7.8CVSS0.00172EPSS
Exploits0References1
CVE
CVE
added 2025/12/11 12:0 a.m.23 views

CVE-2025-55310

CVE-2025-55310 affects Foxit PDF Editor for Windows/macOS prior to 13.2 and 2025 before 2025.2. An attacker who can alter or replace the StartPage static HTML files can cause malicious content to load at startup, leading to information disclosure or unauthorized data access. Remediation: update t...

7.3CVSS7.2AI score0.00105EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder