
59098 matches found

GithubExploit
added 2025/11/03 12:1 a.m. | 135 views

xss_test

It is an offensive tool for web application testing. The tool ta...

6.3 AI score
Exploits: 0
Packet Storm
added 2025/11/03 12:0 a.m. | 89 views

Hop.bg Cross Site Scripting

Hop.bg appears to suffer from a cross site scripting vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the vendor and they have not addressed the issue, putting their users at risk, so this is being...

6.6 AI score
Exploits: 0
Positive Technologies
added 2025/11/03 12:0 a.m. | 7 views

PT-2025-44771

Name of the Vulnerable Software and Affected Versions Simple User Management System with PHP-MySQL version 1.0 Description The Simple User Management System with PHP-MySQL fails to properly sanitize user input in the Profile Section, allowing attackers to inject and execute arbitrary JavaScript...

4.6 CVSS | 5.9 AI score | 0.00173 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2025/11/03 12:0 a.m. | 1 views

FreeBSD : Firefox -- Incorrect boundary conditions (af9c5b99-b808-11f0-8016-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the af9c5b99-b808-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1979502 reports: Incorrect boundary conditions in the...

6.5 CVSS | 7.1 AI score | 0.00291 EPSS
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2025/11/02 8:50 p.m. | 4 views

Malicious code in webswing-directdraw-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e79387f18b95e5ef7af4d75095dd85e7dedcff2c1e2a068795989cc559bbc695 The package webswing-directdraw-javascript was found to contain malicious code. Source: ossf-package-analysis...

7.1 AI score
Exploits: 0
EUVD
added 2025/11/02 8:50 p.m. | 5 views

EUVD-2025-37445

Malicious code in webswing-directdraw-javascript npm...

6.6 AI score
Exploits: 0
GithubExploit
added 2025/11/02 3:8 p.m. | 107 views

exploit

It is an offensive tool for web applications. The repository con...

8.2 AI score
Exploits: 0
GithubExploit
added 2025/11/02 7:39 a.m. | 206 views

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528.yaml Flowise is a drag & drop user interface to...

10 CVSS | 7.9 AI score | 0.90183 EPSS
Exploits: 21
RedhatCVE
added 2025/11/02 3:48 a.m. | 9 views

CVE-2025-11928

The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4 CVSS | 5 AI score | 0.00173 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/01 2:20 p.m. | 7 views

CVE-2025-53883

An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields. This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...

9.3 CVSS | 6 AI score | 0.00268 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/01 2:20 p.m. | 26 views

CVE-2025-12460

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3 CVSS | 6.3 AI score | 0.00405 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/01 3:34 a.m. | 1 views

CVE-2025-11928 CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting

The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4 CVSS | 4.7 AI score | 0.00173 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/01 12:0 a.m. | 5 views

PT-2025-44701

Name of the Vulnerable Software and Affected Versions CSS & JavaScript Toolbox versions prior to 12.0.6 Description The CSS & JavaScript Toolbox plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows...

4.4 CVSS | 5.3 AI score | 0.00173 EPSS
Exploits: 0 | References: 8
AstraLinux
added 2025/10/31 4:38 p.m. | 1 views

Astra Linux - vulnerability in thunderbird

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

5.3 CVSS | 6.9 AI score | 0.00992 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2025/10/31 4:38 p.m. | 2 views

Astra Linux - vulnerability in thunderbird

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5 CVSS | 6.8 AI score | 0.00938 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2025/10/31 4:38 p.m. | 4 views

Astra Linux - vulnerability in python-urllib3

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

6.1 CVSS | 6.8 AI score | 0.00313 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/31 3:30 p.m. | 5 views

EUVD-2025-37359

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3 CVSS | 5.8 AI score | 0.00405 EPSS
Exploits: 0 | References: 2
NVD
added 2025/10/31 2:16 p.m. | 3 views

CVE-2025-12460

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3 CVSS | 0.00405 EPSS
Exploits: 0 | References: 1
Microsoft CVE
added 2025/10/31 2:0 p.m. | 7 views

Chromium: CVE-2025-12441 Out of bounds read in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3 CVSS | 6.4 AI score | 0.00176 EPSS
Exploits: 0
Microsoft CVE
added 2025/10/31 2:0 p.m. | 7 views

Chromium: CVE-2025-12429 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS | 6.4 AI score | 0.00267 EPSS
Exploits: 0