Lucene search
K

59100 matches found

Microsoft CVE
Microsoft CVE
added 2025/10/31 2:0 p.m.7 views

Chromium: CVE-2025-12441 Out of bounds read in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS6.4AI score0.00176EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/10/31 2:0 p.m.7 views

Chromium: CVE-2025-12429 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS6.4AI score0.00267EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/10/31 1:53 p.m.4 views

CVE-2025-12460 Stored XSS vulnerability in Afterlogic Aurora webmail

An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

5.3CVSS6AI score0.00405EPSS
Exploits0References1
CVE
CVE
added 2025/10/31 1:53 p.m.15 views

CVE-2025-12460

Summary: CVE-2025-12460 describes a Stored XSS vulnerability in Afterlogic Aurora webmail. Affected versions: 9.8.3 and earlier. ** vulnerability mechanism:** an attacker can embed JavaScript in an HTML email via an img tag, which may execute in the recipient’s webmail browser context. Impact (pe...

5.3CVSS6AI score0.00405EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2025/10/31 11:33 a.m.7 views

Update Chrome now: 20 security fixes just landed

Google has released an update for its Chrome browser that includes 20 security fixes, several of which are classed as high severity. Most of these flaws were found in Chrome’s V8 engine—the part of Chrome and other Chromium-based browsers that runs JavaScript. Chrome is by far the world’s most...

8.8CVSS8.5AI score0.06806EPSS
Exploits1
Veracode
Veracode
added 2025/10/31 8:12 a.m.7 views

Cross-site Scripting

Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to the Calendar events feature failing to escape or validate HTML in the First Name, Middle Name, and Last Name text fields, and attackers can exploit this by submitting crafted payloads into those fields to execute...

5.4CVSS7AI score0.002EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/31 12:13 a.m.5 views

CVE-2025-52179

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...

6.1CVSS6.4AI score0.00239EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.3 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27648)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the IGNOREENTRYREMARK parameter, which can be exploited by an attacker to...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.5 views

PT-2025-44621

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1 Description A cross-site scripting XSS issue exists in Nagios XI when a user visits the "missing page" 404 page after following a link from another website. The page-missing.php component does not properly...

5.4CVSS5.8AI score0.00535EPSS
Exploits0References6
CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27646)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleaning and escaping of the pienumber parameter, which can be exploited by an attacker to injec...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.2 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27704)

IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and escaping of the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters,...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.3 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27707)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27645)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the TLSHOSTNAME parameter, which can be exploited by an attacker to inject...

5.4CVSS6.1AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27708)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the QUOTAUSERS parameter of the...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.5 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27647)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.3 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27702)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.6 views

PT-2025-114: Stored XSS in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to inject arbitrary HTML tags and JavaScript, leading to script execution in victims’ browsers and enabling social‑engineering attacks. Vulnerability status: Confirmed by vendor Date of...

6.1CVSS6AI score
Exploits0References1
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.4 views

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge that stems from an improper implementation in V8...

4.3CVSS6.1AI score0.00195EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.5 views

Revive Adserver 安全漏洞

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

6.3CVSS6.2AI score0.01374EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/31 12:0 a.m.4 views

Microsoft Edge (Chromium) < 142.0.3595.53 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 142.0.3595.53. It is, therefore, affected by multiple vulnerabilities as referenced in the October 31, 2025 advisory. - Protection mechanism failure in Microsoft Edge Chromium-based allows an unauthorized attacker to...

8.8CVSS6.5AI score0.06806EPSS
Exploits2References43
Rows per page
Query Builder