
59034 matches found

CVE
added 2026/01/12 12:0 a.m. | 12 views

CVE-2025-46067

CVE-2025-46067 affects Automai Director v25.2.0. The issue allows a remote attacker to escalate privileges and access sensitive information via a specially crafted JavaScript file. Evidence from multiple sources confirms the affected product/version and the nature of the impact, described as priv...

8.2 CVSS | 6.5 AI score | 0.00255 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/12 12:0 a.m. | 16 views

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

0.00255 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/01/12 12:0 a.m. | 4 views

opencode Security Vulnerability

opencode is an open-source AI coding agent from Anomaly. A security vulnerability exists in versions prior to opencode 1.1.10, which stems from the Markdown renderer not sanitizing the LLM response and could lead to the execution of JavaScript via HTML injection...

9.4 CVSS | 5.9 AI score | 0.00914 EPSS
Exploits: 1 | References: 2

CNNVD
added 2026/01/12 12:0 a.m. | 5 views

Automai Director Security Vulnerability

Automai Director is a centralized automation management console from Automai Corporation. A security vulnerability exists in Automai Director version 25.2.0, which can be exploited by a remote attacker to elevate privileges and gain access to sensitive information via a specially crafted js file...

8.2 CVSS | 6.5 AI score | 0.00255 EPSS
Exploits: 0 | References: 3

Packet Storm News
added 2026/01/12 12:0 a.m. | 8 views

InvisibleJS JavaScript Hiding Tool

Welcome to InvisibleJS, an experimental tool for hiding your JavaScript source code in plain sight using zero-width characters. This repository features two distinct versions of the obfuscator, tailored for different execution environments...

7.2 AI score
Exploits: 0

CNNVD
added 2026/01/12 12:0 a.m. | 4 views

Label Studio Access Control Error Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. It lets you label audio, text, images, video, time series and other data types through a simple, clear UI and export to a variety of model formats. An access control error vulnerability exists in Label Studio 1.22....

8.6 CVSS | 5.7 AI score | 0.00207 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/12 12:0 a.m. | 5 views

PT-2026-2274

Name of the Vulnerable Software and Affected Versions: Automai Director version 25.2.0. Description: An issue in Automai Director version 25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information through a crafted js file. Recommendations: At the moment, there is no...

8.2 CVSS | 6.7 AI score | 0.00255 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2026/01/12 12:0 a.m. | 5 views

PT-2026-2316

Name of the Vulnerable Software and Affected Versions: OpenCode versions prior to 1.1.10. Description: The software is an open source AI coding agent. The markdown renderer used for responses from large language models inserts arbitrary HTML into the Document Object Model (DOM) without sanitization...

9.4 CVSS | 6.8 AI score | 0.00914 EPSS
Exploits: 1 | References: 14

Tenable Nessus
added 2026/01/12 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-26486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function ha...

6.5 CVSS | 6.7 AI score | 0.00775 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/12 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-59840

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0,...

8.1 CVSS | 6.3 AI score | 0.00334 EPSS
Exploits: 0 | References: 3

GithubExploit
added 2026/01/11 1:14 p.m. | 152 views

Exploit for CVE-2024-28397

js2py Sandbox Escape CVE-2024-28397 Exploit for execution...

5.3 CVSS | 6.8 AI score | 0.04548 EPSS
Exploits: 22

RedhatCVE
added 2026/01/10 5:41 a.m. | 4 views

CVE-2026-21871

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...

6.1 CVSS | 6.5 AI score | 0.00243 EPSS
Exploits: 1 | References: 1

CVE
added 2026/01/10 2:40 a.m. | 24 views

CVE-2025-59057

CVE-2025-59057 concerns an XSS vulnerability in React Router’s meta()/ APIs when used in Framework Mode. Affected software includes React Router 7.0.0–7.8.2 and @remix-run/react 1.15.0–2.17.0; the issue can enable arbitrary JavaScript execution during SSR if untrusted content is used to generate ...

7.6 CVSS | 6.1 AI score | 0.00315 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Github Security Blog
added 2026/01/09 6:52 p.m. | 27 views

Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

A Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG elements as a Resource URL context. In a standard security model,...

8.5 CVSS | 6.2 AI score | 0.00444 EPSS
Exploits: 1 | References: 7 | Affected Software: 2

RedhatCVE
added 2026/01/09 12:41 p.m. | 5 views

CVE-2023-25933

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...

9.8 CVSS | 9.6 AI score | 0.00891 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:36 p.m. | 5 views

CVE-2023-49258

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminaltool.cgi" in the "data" parameter...

6.1 CVSS | 6.5 AI score | 0.00336 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:35 p.m. | 5 views

CVE-2023-45311

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...

9.8 CVSS | 7.7 AI score | 0.01535 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:35 p.m. | 16 views

CVE-2023-45889

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

6.1 CVSS | 6.6 AI score | 0.00446 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 12:34 p.m. | 11 views

CVE-2023-45207

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. This has been mitigated by sanitising th...

6.1 CVSS | 5.8 AI score | 0.00474 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:34 p.m. | 4 views

CVE-2023-45958

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

6.1 CVSS | 6.2 AI score | 0.00312 EPSS
Exploits: 0 | References: 1