59063 matches found
Dependency-Track Front-End Cross-Site Scripting Vulnerability
Dependency-Track Front-End is the open source front-end UI of Dependency-Track, used for dependency tracking. A cross-site scripting vulnerability exists in Dependency-Track Front-End versions from 4.12.0 up to, but not including, 4.13.6, which stems from improper HTML sanitization and could lead to arbitrary JavaScript...
Google Chrome < 142.0.7444.175 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 142.0.7444.175. It is, therefore, affected by multiple vulnerabilities as referenced in the 202511stable-channel-update-for-desktop17 advisory. - Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a...
CVE-2025-64308
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal...
Brightpick Mission Control Security Vulnerability
Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that stems from the inclusion of hard-coded credentials in a client-side JavaScript package...
CVE-2025-64308
Brightpick Mission Control web application exposes hardcoded credentials in the client-side JavaScript bundle. The vulnerability can enable unauthorized access to credentials and could allow manipulation of robot control functions through an unauthenticated interface and via WebSocket traffic, pe...
EUVD-2025-197665
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
Protection Mechanism Failure
Overview: chrome-devtools-frontend is a Chrome DevTools UI. Affected versions of this package are vulnerable to Protection Mechanism Failure through the openInNewTab function in the InspectorFrontendHostStub class within Chrome's DevTools component. An attacker can perform a sandbox escape by...
CVE-2025-9479
Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
PATCHEVAL: A New Benchmark for Evaluating LLMs on Patching Real-World Vulnerabilities
Software vulnerabilities are increasing at an alarming rate. However, manual patching is both time-consuming and resource-intensive, while existing automated vulnerability repair (AVR) techniques remain limited in effectiveness. Recent advances in large language models (LLMs) have opened a new paradi...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google. A security vulnerability exists in versions prior to Google Chrome 133.0.6943.141, which stems from the V8 engine mishandling malicious HTML pages. The vulnerability can be exploited by an attacker to trigger heap corruption via specially crafte...
JavaScript Expression Evaluator Security Vulnerability
JavaScript Expression Evaluator is a math calculator by Matthew Crumley, an individual developer. A security vulnerability exists in JavaScript Expression Evaluator that stems from prototype pollution and could lead to the execution of arbitrary code...
Mozilla Firefox and Firefox ESR Buffer Overflow Vulnerability (CNVD-2025-28717)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Firefox and Firefox ESR suffer from a buffer overflow vulnerability that stems from an incorrect boundary condition in a JavaScript WebAssembly component, which can be...
Mozilla Firefox Code Execution Vulnerability (CNVD-2025-28720)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that originates from a compilation error in the JIT component of the JavaScript Engine, which can be exploited by an attacker to execute...
Mozilla Thunderbird < 140.5
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-91 advisory. - Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox 145, Firefox ESR...
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS)...
Uncontrolled Search Path Element
Overview aws-advanced-nodejs-wrapper is a Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker can execute malicious code with elevated privileges by creating...
UBUNTU-CVE-2025-59840
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...
EUVD-2025-26604
This CVE ID was assigned in error to a vulnerability that was both introduced and fixed before the code landed in the Stable channel of Chrome, and has been withdrawn...