ctf-toolkit

Bug Bounty Recon Tool 🚀 The Ultimate Bug Bounty Recon Tool...

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

CVE-2025-64758

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...

haproxy: denial of service vulnerability in HAProxy mjson library

A flaw was found in haproxy. A stemming from an inefficient algorithmic complexity issue within its bundled mjson parsing library. This vulnerability is triggered when haproxy is configured to analyze JSON content, such as with the jsonquery or jwtpayloadquery function...

SUSE CVE-2025-9479

Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-13230

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-13230

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-13229

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-13226

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2025-13228

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-13228

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2025-13226

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 25.11.0, which...

Mozilla Firefox ESR < 60.2.2

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-24 advisory. - A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments...

Mozilla Thunderbird < 52.5.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-30 advisory. - It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g...

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

E-commerce 安全漏洞

E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce v1.0, which originates from DOM-type cross-site scripting and could lead to arbitrary JavaScript execution...

CVE-2025-63693

CVE-2025-63693 affects DzzOffice 2.3.x. The vulnerability resides in the comment editing template (dzz/comment/template/edit_form.htm), which does not adequately escape user-controllable data across HTML and JavaScript contexts. This can allow low-privilege attackers to craft comment content or r...