59040 matches found

EUVD
added 2025/12/23 8:10 a.m., 2 views

EUVD-2025-204885

Malicious code in elf-stats-sprucey-giftbox-118 npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/12/23 12:30 a.m., 3 views

EUVD-2023-60238

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title...

6.4 CVSS, 5.7 AI score, 0.00205 EPSS
Exploits: 1, References: 4
RedhatCVE
added 2025/12/23 12:25 a.m., 6 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...

6.1 CVSS, 5.9 AI score, 0.00158 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/12/23 12:0 a.m., 6 views

PT-2025-52736

Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor versions up to and including 3.20.3. Description: The Happy Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the ha page custom js parameter. Insufficient input sanitizati...

6.4 CVSS, 5.1 AI score, 0.00256 EPSS
Exploits: 0, References: 7
NVD
added 2025/12/22 8:15 p.m., 6 views

CVE-2025-65790

A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline element, the browser executes...

6.1 CVSS, 0.00218 EPSS
Exploits: 3, References: 2
NVD
added 2025/12/22 5:15 p.m., 10 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...

6.1 CVSS, 0.00158 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2025/12/22 1:36 p.m., 8 views

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

7.3 CVSS, 5.7 AI score, 0.00292 EPSS
Exploits: 1, References: 5
RedHat Linux
added 2025/12/22 1:36 p.m., 6 views

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

9.8 CVSS, 5.7 AI score, 0.00481 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2025/12/22 1:36 p.m., 6 views

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

9.8 CVSS, 5.7 AI score, 0.00422 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2025/12/22 1:36 p.m., 8 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8 CVSS, 7.3 AI score, 0.00498 EPSS
Exploits: 2, References: 11
RedhatCVE
added 2025/12/22 1:35 p.m., 4 views

CVE-2025-67712

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7 CVSS, 7.2 AI score, 0.00278 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/12/22 12:0 a.m., 21 views

CVE-2025-65270

Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser...

0.00247 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2025/12/22 12:0 a.m., 5 views

PT-2025-52666

Name of the Vulnerable Software and Affected Versions: Schlix CMS versions prior to 2.2.9-5. Description: Schlix CMS is affected by a Cross-Site Scripting (XSS) issue. The root cause is a lack of javascript sanitization in the login form, which allows incorrect login attempts to be logged as XSS in th...

6.1 CVSS, 5.4 AI score, 0.00158 EPSS
Exploits: 0, References: 8
CVE
added 2025/12/22 12:0 a.m., 13 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is affected by a Cross Site Scripting (XSS) vulnerability due to missing JavaScript sanitization in the login form, causing incorrect login attempts to be logged as XSS in the admin panel. The connected sources confirm the affected version and the root cause without det...

6.1 CVSS, 5.5 AI score, 0.00158 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/12/22 12:0 a.m., 3 views

Real Time Logic FuguHub security vulnerability

Real Time Logic FuguHub is a consumer product from Real Time Logic developed using the Barracuda Application Server SDK. A security vulnerability exists in Real Time Logic FuguHub version 8.1 that stems from the /fs/ file manager interface not cleaning up or restricting script execution when...

6.1 CVSS, 6.6 AI score, 0.00218 EPSS
Exploits: 3, References: 3
Cvelist
added 2025/12/22 12:0 a.m., 23 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...

0.00158 EPSS
Exploits: 0, References: 2
GithubExploit
added 2025/12/21 6:31 p.m., 130 views

Exploit for CVE-2025-65790

CVE-2025-65790 - FuguHub 8.1 Reflected SVG XSS Reflecte...

6.1 CVSS, 5.7 AI score, 0.00218 EPSS
Exploits: 3
RedhatCVE
added 2025/12/20 5:12 p.m., 5 views

CVE-2025-68457

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

6.3 CVSS, 6.9 AI score, 0.00183 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/20 5:12 p.m., 15 views

CVE-2025-66580

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...

9.6 CVSS, 6 AI score, 0.00478 EPSS
Exploits: 1, References: 1
OSV
added 2025/12/20 11:38 a.m., 6 views

BIT-HAPROXY-2025-11230 Denial of service vulnerability in HAProxy mjson library

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

7.5 CVSS, 6.5 AI score, 0.00469 EPSS
Exploits: 0, References: 2