PT-2025-50620

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

PT-2025-50619

Name of the Vulnerable Software and Affected Versions Foxit PDF and Editor versions prior to 13.2 Foxit PDF and Editor 2025 versions prior to 2025.2 Description A specially crafted PDF document can utilize JavaScript to modify annotation content and then remove the file’s modification status...

CVE-2025-55314

CVE-2025-55314 affects Foxit PDF Editor (Windows/macOS) prior to 13.2 and Foxit Reader prior to 2025.2. When pages are deleted via JavaScript, the software may fail to update internal states, causing dereference of invalid or released memory. This can lead to memory corruption, application crashe...

LibreChat 跨站脚本漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A cross-site scripting vulnerability exists in LibreChat 0.8.0 and earlier versions that stems from an unhandled JSON parsing error that could lead to a cross-site scripting attack...

CE Phoenix 跨站脚本漏洞

CE Phoenix is a powerful e-commerce store from Phoenix Cart open source. A cross-site scripting vulnerability exists in CE Phoenix version v3.0.1, which stems from the presence of stored cross-site scripting in the Currency Management Panel that could lead to the execution of arbitrary JavaScript...

CVE-2025-55307

CVE-2025-55307 – Foxit PDF and Editor for Windows is affected in versions prior to 13.2 and 2025 before 2025.2. A malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath (e.g., "/") can trigger an out-of-bounds read in internal path-parsing logic, potentially l...

PT-2025-50621

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...

FreeBSD : Mozilla -- JIT miscompilation (a3c77387-d6a8-11f0-8e1b-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a3c77387-d6a8-11f0-8e1b-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1998050 reports: JIT miscompilation in the...

FreeBSD : Mozilla -- JIT miscompilation in the JavaScript Engine: JIT component (b25f61b8-d6a8-11f0-8e1b-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b25f61b8-d6a8-11f0-8e1b-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1997503 reports: JIT miscompilation in the JavaScript Engin...

EUVD-2025-202470

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

EUVD-2025-202551

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

EUVD-2025-202507

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

EUVD-2025-202562

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

EUVD-2025-202564

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64873

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64847

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64847

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64821

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64614

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64619

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...