CVE-2025-66470

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...

CVE-2025-66470

CVE-2025-66470 affects NiceGUI <= 3.3.1 via the ui.interactive_image component, which renders SVG content with Vue v-html without sanitization. This can lead to stored/reflected XSS through the SVG tag when images are rendered or updated. The issue is fixed in NiceGUI 3.4.0; remediation is to...

CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...

CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...

CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...

PT-2025-49682

Name of the Vulnerable Software and Affected Versions NiceGUI versions 3.3.1 and below Description NiceGUI, a Python-based UI framework, has an issue where the ui.interactive image component can be exploited for cross-site scripting XSS. The component renders Scalable Vector Graphics SVG content...

📄 React 19.2.0 PHP Scanner / Remote Code Execution

This project delivers a PHP-based vulnerability scanner and remote code execution exploit for CVE‑2025‑55182 affecting React Server Components. It leverages RSC serialization weaknesses to execute arbitrary commands and validate successful exploitation...

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.interactiveimage component when rendering SVG content using the v-html directive without sanitization. An attacker can execute...

NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

Summary A Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag. Detail...

GHSA-2M4F-CG75-76W2 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

Summary A Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag. Detail...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Next.js Exploit Tool 이 도구는 Next.js의 취약점CVE-20...

Exploit for Deserialization of Untrusted Data in Facebook React

‼️ CVE-2025-55182 Pwn React2Shell RCE Exploit with Interactive...

Exploit for CVE-2025-9074

CVE-2025-9074 Exploit Tool A sophisticated exploitation frame...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 PoC Usage bash Interacti...

Exploit for Deserialization of Untrusted Data in Facebook React

👻 CVE-2025-55182 Interactive RCE exploitation tool for CVE-...

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js RSC Vulnerability Scanner CVE-2025-66478 A lightwei...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

SpringBoot-Toolkit An interactive penetration-testing tool de...

Exploit for CVE-2025-55182

CVE-2025-55182-RCE-shell Detection -dnslog DNSLog N...

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...

Exploit for CVE-2025-55182

CVE-2025-55182 Next.js RCE Exploit 🚀 !Pythonhttps://img.sh...