
59096 matches found

Cvelist
added 2025/11/06 12:0 a.m. | 8 views

CVE-2025-63588

An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request (e.g., a maliciously crafted POST login). Successful exploitation may lead to theft of...

EPSS: 0.00292
Exploits: 1 | References: 2
Cvelist
added 2025/11/06 12:0 a.m. | 6 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

EPSS: 0.00288
Exploits: 1 | References: 2
RubySec
added 2025/11/06 12:0 a.m. | 8 views

Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact: The prosemirrortohtml gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

CVSS: 7.6 | AI score: 6.5 | EPSS: 0.00192
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/11/06 12:0 a.m. | 4 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an improper implementation vulnerability that stems from an improper implementation in V8. An attacker could exploit this vulnerability by exploiting a heap corruption vulnerability via a carefully constructed HTML...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.0023
Exploits: 0 | References: 3
RedhatCVE
added 2025/11/05 11:10 p.m. | 17 views

CVE-2025-62722

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...

CVSS: 8.7 | AI score: 5.2 | EPSS: 0.00213
Exploits: 1 | References: 1
OSV
added 2025/11/05 10:49 p.m. | 20 views

MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities

i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...

CVSS: 6.9 | AI score: 5.4 | EPSS: 0.00387
Exploits: 0 | References: 6
NVD
added 2025/11/05 8:15 p.m. | 6 views

CVE-2025-10853

A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

CVSS: 6.1 | EPSS: 0.00159
Exploits: 0 | References: 1
OSV
added 2025/11/05 8:15 p.m. | 4 views

CVE-2025-10853

A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

CVSS: 6.1 | AI score: 5.7
Exploits: 0 | References: 1
CVE
added 2025/11/05 7:21 p.m. | 16 views

CVE-2025-10853

Summary: CVE-2025-10853 is a reflected XSS vulnerability in the management console of multiple WSO2 products caused by improper output encoding. The issue allows a malicious actor to tamper with specific parameters to inject arbitrary JavaScript into responses, potentially leading to UI manipulat...

CVSS: 6.1 | AI score: 5.4 | EPSS: 0.00159
Exploits: 0 | References: 1 | Affected Software: 9
OSV
added 2025/11/05 4:54 p.m. | 5 views

CLSA-2025-1762361695 nodejs: Fix of CVE-2023-39333

CVE-2023-39333: fix maliciously crafted export names injection of JavaScript code...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00936
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/05 2:11 p.m. | 3 views

CVE-2025-12682

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00542
Exploits: 0 | References: 1
Veracode
added 2025/11/05 7:47 a.m. | 7 views

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the Biography field, which allows an attacker to inject and execute malicious JavaScript code in the context of the website, affecting other users including administrators and...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.00166
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/11/05 3:30 a.m. | 2 views

GHSA-JC85-FPWF-QM7X expr-eval does not restrict functions passed to the evaluate function

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...

CVSS: 8.6 | AI score: 7.4 | EPSS: 0.02199
Exploits: 0 | References: 11
NVD
added 2025/11/05 1:15 a.m. | 6 views

CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

CVSS: 9.8 | EPSS: 0.02199
Exploits: 0 | References: 9
OSV
added 2025/11/05 1:15 a.m. | 4 views

CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

CVSS: 9.8 | AI score: 7.9
Exploits: 0 | References: 9
Snyk
added 2025/11/05 12:52 a.m. | 3 views

Prototype Pollution

Overview: expr-eval-fork is a Mathematical expression evaluator fork with prototype pollution fix. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access (IMEMBER) and user-defined functions (IFUNDEF) in the expression evaluator. An attacker can execute...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.02199
Exploits: 0 | References: 3
Snyk
added 2025/11/05 12:52 a.m. | 4 views

Prototype Pollution

Overview: expr-eval is a Mathematical expression evaluator. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access (IMEMBER) and user-defined functions (IFUNDEF) in the expression evaluator. An attacker can execute arbitrary JavaScript code by providing...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.02199
Exploits: 0 | References: 3
CVE
added 2025/11/05 12:22 a.m. | 456 views

CVE-2025-12735

Summary: CVE-2025-12735 affects the expr-eval JavaScript expression parser/evaluator. Insufficient input validation lets an attacker pass a crafted context object or leverage MEMBER of the context in evaluate(), enabling arbitrary code execution. This is a client-side JavaScript library vulnerabi...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.02199
Exploits: 0 | References: 9 | Affected Software: 2
CNNVD
added 2025/11/05 12:0 a.m. | 3 views

JavaScript Expression Evaluator security vulnerability

JavaScript Expression Evaluator is a math calculator by Matthew Crumley Personal Developer. A security vulnerability exists in JavaScript Expression Evaluator that stems from insufficient input validation and could lead to the execution of arbitrary code...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.02199
Exploits: 0 | References: 8
FreeBSD
added 2025/11/05 12:0 a.m. | 5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 5 security fixes: 443906252 High CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous on 2025-09-09 447172715 High CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz on 2025-09-25 454485895 High...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00238
Exploits: 0 | References: 1