GHSA-6VJ3-P34W-XXJP apidoc-core has a prototype pollution vulnerability
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when handling URLs in links, where schemes such as javascript, vbscript and data can be used. An attacker can execute arbitrary scripts in the context of the user's browser by enticing a user to click on a craft...
GHSA-HQ57-C72X-4774 Gitea vulnerable to Cross-site Scripting
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
Gitea vulnerable to Cross-site Scripting
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
CVE-2025-68946
CVE-2025-68946 affects Gitea releases before 1.20.1, where a link can specify a forbidden URL scheme (e.g., javascript:) enabling XSS. The issue is fixed by upgrading to Gitea 1.20.1 or later (patch/markup module remediation noted in the linked advisories/releases). Practical impact is Cross‑Site...
EUVD-2025-205421
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
PT-2025-53606
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.0.0. Description: n8n is a workflow automation platform. In self-hosted instances before version 2.0.0, when the Code node operates in legacy JavaScript execution mode, authenticated users with workflow editing permission...
n8n Cross-Site Scripting Vulnerability
n8n is a scalable workflow automation tool from n8n open source. A cross-site scripting vulnerability exists in versions prior to n8n 1.114.0 that stems from the Respond to Webhook node not being properly sandboxed when processing HTML content, which could lead to an attacker with workflow creati...
Beyond Single Bugs: Benchmarking Large Language Models for Multi-Vulnerability Detection
Large Language Models (LLMs) have demonstrated significant potential in automated software security, particularly in vulnerability detection. However, existing benchmarks primarily focus on isolated, single-vulnerability samples or function-level classification, failing to reflect the complexity of...
XSSREFLECTOR
XSS Reflector: XSS Reflector is an automated tool for...
ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-0536090)
ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that originates from a low-privileged user being able to inject persistent JavaScript into group role names, which can be exploited by an attacker to cause an account takeover...
CVE-2019-25235
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system...
CVE-2021-47738
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2019-25235 Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system...