
59102 matches found

CVE
added 2025/10/30 12:0 a.m. | 16 views

CVE-2025-52179

CVE-2025-52179 is an XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier. It allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint. Affected software: Zucchetti Ad Hoc Revolution up to versi...

CVSS 6.1 | AI score 6 | EPSS 0.00239
Exploits: 0 | References: 2

CVE
added 2025/10/30 12:0 a.m. | 16 views

CVE-2025-52180

Summary: CVE-2025-52180 is a cross-site scripting (XSS) flaw in Zucchetti Ad Hoc Infinity 4.2 and earlier. The issue arises from an unvalidated pHtmlSource parameter at the endpoint /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource, enabling remote, unauthenticated attackers to inject arbitrary JavaScrip...

CVSS 6.1 | AI score 6 | EPSS 0.00239
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2025/10/29 10:51 p.m. | 2 views

Malicious Package

Overview airbnb-opentracing-javascript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/10/29 10:51 p.m. | 5 views

Malicious code in airbnb-opentracing-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb6e111a14bd58c590e23784b48c4857ce72456a2fd0e20175152e13d93b0863 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 2

EUVD
added 2025/10/29 10:51 p.m. | 4 views

EUVD-2025-36780

Malicious code in airbnb-opentracing-javascript npm...

AI score 6.6
Exploits: 0 | References: 1

OSV
added 2025/10/29 10:51 p.m. | 3 views

MAL-2025-48980 Malicious code in airbnb-opentracing-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb6e111a14bd58c590e23784b48c4857ce72456a2fd0e20175152e13d93b0863 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 2

EUVD
added 2025/10/29 10:46 p.m. | 3 views

EUVD-2025-36841

Malicious code in ing-web-es npm...

AI score 6.6
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/10/29 10:46 p.m. | 2 views

Malicious code in firefly-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa500d2c9575be38d669c176c963359a471ba4af4853d21ba5031d9f8ed93b33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/10/29 10:46 p.m. | 3 views

Malicious code in firefly-utilities-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 272b473a3935398e8bbe5ca323982f141f6961f34964660c00cc78fb21d922af The package firefly-utilities-js was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0 | References: 1

EUVD
added 2025/10/29 10:46 p.m. | 2 views

EUVD-2025-36847

Malicious code in firefly-utilities-js npm...

AI score 6.6
Exploits: 0 | References: 1

Snyk
added 2025/10/29 10:46 p.m. | 2 views

Malicious Package

Overview firefly-utilities-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

OSV
added 2025/10/29 10:46 p.m. | 2 views

MAL-2025-49012 Malicious code in iot-cardboard-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55bbfa86675a8cd534e3602af7ba1fb1f55c45cf15c8090af9ef87542d107c2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/29 10:13 p.m. | 6 views

CVE-2025-62800

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...

CVSS 6.1 | AI score 6.3 | EPSS 0.0025
Exploits: 1 | References: 1

Github Security Blog
added 2025/10/29 9:47 p.m. | 15 views

DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload

Summary Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. Details DNN validates the contents of SVG's to ensure they are valid and do not contain any malicious code. These checks were introduced as part of CVE-2025-48378. However, the checks to ensure...

CVSS 6.4 | AI score 6.6 | EPSS 0.00179
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/10/29 3:18 p.m. | 5 views

CVE-2025-34309

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

CVSS 5.4 | AI score 6 | EPSS 0.05013
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/29 3:18 p.m. | 5 views

CVE-2025-34310

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters when updating Quality of Service (QoS) settings. When a...

CVSS 5.4 | AI score 6 | EPSS 0.00453
Exploits: 0 | References: 1

vulnersOsv
added 2025/10/29 10:43 a.m. | 6 views

@aangeles/jefeui (>=1.10.0 <=1.11.6), @adamjoelfraser/auth-drizzle (>=1.0.0 <=1.0.2) +264 more potentially affected by unknown CVE via @auth/core (>=0.0.0-manual.fdbc96ab <=0.41.0)

@auth/core NPM version =0.0.0-manual.fdbc96ab, =1.10.0, =1.0.0, =0.1.0, =0.0.1, =1.0.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =1.11.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-AUTHCORE-13744119...

AI score 5.5
Exploits: 0

Packet Storm News
added 2025/10/29 12:0 a.m. | 6 views

Security Vulnerabilities in AI-Generated Code: A Large-Scale Analysis of Public GitHub Repositories

This paper presents a comprehensive empirical analysis of security vulnerabilities in AI-generated code across public GitHub repositories. We collected and analyzed 7,703 files explicitly attributed to four major AI tools: ChatGPT 91.52%, GitHub Copilot 7.50%, Amazon CodeWhisperer 0.52%, and...

AI score 7.1
Exploits: 0

FreeBSD
added 2025/10/29 12:0 a.m. | 8 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 20 security fixes: 447613211 High CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2025-09-26 450618029 High CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang on 2025-10-10 442860743 High...

CVSS 8.8 | AI score 7.2 | EPSS 0.06806
Exploits: 2 | References: 1

OSV
added 2025/10/29 12:0 a.m. | 1 views

OPENSUSE-SU-2025:15679-1 libmozjs-128-0-128.14.0-2.1 on GA media

These are all security issues fixed in the libmozjs-128-0-128.14.0-2.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8
Exploits: 0 | References: 1