Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

59056 matches found

OSV
OSVadded 2025/11/19 3:15 p.m.7 views

CVE-2025-63243

A reflected cross-site scripting XSS vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 01. The slesSenha parameter to the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be...

4.6CVSS5.7AI score0.00171EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2025/11/19 8:53 a.m.3 views

CVE-2025-13224

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.00443EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2025/11/19 8:8 a.m.4 views

CVE-2025-13226

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.00219EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2025/11/19 8:8 a.m.3 views

CVE-2025-13227

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.00219EPSS
Exploits0References5
OSV
OSVadded 2025/11/19 2:16 a.m.4 views

MGASA-2025-0305 Updated thunderbird packages fix security vulnerabilities

Race condition in the Graphics component. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. CVE-2025-13013 CVE-2025-13014: Use-after-free in the Audio/Video component. CVE-2025-13014 Spoofing issue in Firefox. CVE-2025-13015 Incorrect boundary conditions in the JavaScript:...

8.8CVSS6.9AI score0.00401EPSS
Exploits0References4
Mageia
Mageiaadded 2025/11/19 2:16 a.m.5 views

Updated thunderbird packages fix security vulnerabilities

Race condition in the Graphics component. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. CVE-2025-13013 CVE-2025-13014: Use-after-free in the Audio/Video component. CVE-2025-13014 Spoofing issue in Firefox. CVE-2025-13015 Incorrect boundary conditions in the JavaScript:...

8.8CVSS7.1AI score0.00401EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2025/11/19 12:35 a.m.1 views

SUSE CVE-2025-13223

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.1AI score0.04835EPSS
Exploits1References3
SUSE CVE
SUSE CVEadded 2025/11/19 12:35 a.m.2 views

SUSE CVE-2025-13224

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.1AI score0.00443EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2025/11/19 12:0 a.m.6 views

PT-2025-47458

A reflected cross-site scripting XSS vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 01. The sle sSenha parameter to the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be...

4.6CVSS5.9AI score0.00171EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2025/11/19 12:0 a.m.2 views

CVE-2025-51662

A stored cross-site scripting XSS vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers o...

5.5AI score0.00145EPSS
Exploits1References2
Cvelist
Cvelistadded 2025/11/19 12:0 a.m.8 views

CVE-2025-51662

A stored cross-site scripting XSS vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers o...

0.00145EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEVadded 2025/11/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-55346

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

9.8CVSS6AI score0.1742EPSS
In wildExploits0References70
Positive Technologies
Positive Technologiesadded 2025/11/19 12:0 a.m.5 views

PT-2025-47472

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

6.1CVSS6.6AI score0.00199EPSS
Exploits1References3
CISA KEV Catalog
CISA KEV Catalogadded 2025/11/19 12:0 a.m.14 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption...

8.8CVSS6.9AI score0.04835EPSS
In wildExploits1
Snyk
Snykadded 2025/11/18 11:25 p.m.6 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Image Name parameter in the /maps/nodeimage endpoint. An attacker can execute...

8.2CVSS5.4AI score0.00216EPSS
Exploits0References2
GithubExploit
GithubExploitadded 2025/11/18 10:19 p.m.160 views

ctf-toolkit

Bug Bounty Recon Tool 🚀 The Ultimate Bug Bounty Recon Tool...

7AI score
Exploits0
NVD
NVDadded 2025/11/18 7:15 p.m.2 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

5.4CVSS0.00151EPSS
Exploits1References2
OSV
OSVadded 2025/11/18 7:15 p.m.4 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

5.4CVSS7.3AI score
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/11/18 6:2 p.m.5 views

CVE-2025-64758

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

4.8CVSS6.7AI score0.0019EPSS
Exploits0References1
NVD
NVDadded 2025/11/18 3:16 p.m.4 views

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...

5.4CVSS0.0023EPSS
Exploits1References1
Rows per page
Query Builder