CVE-2019-25264
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...
CVE-2025-70545
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...
CVE-2026-1592
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...
CVE-2026-1591
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...
Aurelia-Path < 1.1.7 - Prototype Pollution
Aurelia-path before 1.1.7 contains a prototype pollution vulnerability caused by parsing malicious URL parameters, letting attackers modify Object.prototype; exploitation requires the application to parse user-controlled URLs. id: CVE-2021-41097 info: name: Aurelia-Path 1.1.7 - Prototype Pollution author: 0xAkoko...
CVE-2025-6596
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...
EUVD-2025-206812
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...
Cockpit CMS 0.13.0 Multi-Endpoint Injection Scanner
Cockpit CMS version 0.13.0 multi-endpoint injection scanner. This tool is a defensive security scanner designed to safely assess web application endpoints for potential input-validation and injection weaknesses without executing any commands. It sends non-executable canary payloads through...
PT-2026-5983
Name of the Vulnerable Software and Affected Versions: Belden ONT 2K05X router version 1.1.9 206L. Description: A stored cross-site scripting (XSS) issue exists in the web management interface of the PPC Belden ONT 2K05X router. The Common Gateway Interface (CGI) component does not properly handle...
Locutus Security Vulnerability
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus from 2.0.12 to 2.0.39 contained security vulnerabilities. These vulnerabilities were due to insufficient input validation, which could lead to prototype pollution...
brace-expansion Security Vulnerability
Brace-expansion is a JavaScript extension developed by Julian Gruber. Versions prior to brace-expansion 5.0.1 contained a security vulnerability due to an unbounded parentheses expansion mechanism, which could lead to regular expression denial-of-service attacks...
Fedora 43 : openqa / os-autoinst (2026-abd2d2d60c)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-abd2d2d60c advisory. This update provides new upstream snapshots of openQA and os-autoinst, with various fixes and enhancements. Please see upstream changelogs for details. They...
CVE-2025-36033 IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
CVE-2020-37072
Victor CMS 1.0 is affected by a stored cross-site scripting (XSS) flaw in the 'comment_author' POST parameter. The vulnerability allows an attacker to inject JavaScript that executes in a victim’s browser when comments are processed. Documented as CVE-2020-37072, the issue is described with a net...
CVE-2026-1862
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
EUVD-2026-5161
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...