CVE-2025-52179
CVE-2025-52179 is an XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier. It allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint. Affected software: Zucchetti Ad Hoc Revolution up to versi...
CVE-2025-52180
Summary: CVE-2025-52180 is a cross-site scripting (XSS) flaw in Zucchetti Ad Hoc Infinity 4.2 and earlier. The issue arises from an unvalidated pHtmlSource parameter at the endpoint /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource, enabling remote, unauthenticated attackers to inject arbitrary JavaScrip...
Malicious Package
Overview: airbnb-opentracing-javascript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in airbnb-opentracing-javascript (npm)
Source: ghsa-malware fb6e111a14bd58c590e23784b48c4857ce72456a2fd0e20175152e13d93b0863 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36780
Malicious code in airbnb-opentracing-javascript npm...
MAL-2025-48980 Malicious code in airbnb-opentracing-javascript (npm)
Source: ghsa-malware fb6e111a14bd58c590e23784b48c4857ce72456a2fd0e20175152e13d93b0863 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36841
Malicious code in ing-web-es npm...
Malicious code in firefly-sdk-js (npm)
Source: ghsa-malware aa500d2c9575be38d669c176c963359a471ba4af4853d21ba5031d9f8ed93b33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in firefly-utilities-js (npm)
Source: amazon-inspector 272b473a3935398e8bbe5ca323982f141f6961f34964660c00cc78fb21d922af The package firefly-utilities-js was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-36847
Malicious code in firefly-utilities-js npm...
Malicious Package
Overview: firefly-utilities-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-49012 Malicious code in iot-cardboard-js (npm)
Source: ghsa-malware 55bbfa86675a8cd534e3602af7ba1fb1f55c45cf15c8090af9ef87542d107c2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-62800
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Summary: Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. Details: DNN validates the contents of SVGs to ensure they are valid and do not contain any malicious code. These checks were introduced as part of CVE-2025-48378. However, the checks to ensure...
CVE-2025-34309
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...
CVE-2025-34310
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters when updating Quality of Service (QoS) settings. When a...
@aangeles/jefeui (>=1.10.0 <=1.11.6), @adamjoelfraser/auth-drizzle (>=1.0.0 <=1.0.2) +264 more potentially affected by unknown CVE via @auth/core (>=0.0.0-manual.fdbc96ab <=0.41.0)
@auth/core NPM version =0.0.0-manual.fdbc96ab, =1.10.0, =1.0.0, =0.1.0, =0.0.1, =1.0.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =1.11.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-AUTHCORE-13744119...
Security Vulnerabilities in AI-Generated Code: A Large-Scale Analysis of Public GitHub Repositories
This paper presents a comprehensive empirical analysis of security vulnerabilities in AI-generated code across public GitHub repositories. We collected and analyzed 7,703 files explicitly attributed to four major AI tools: ChatGPT (91.52%), GitHub Copilot (7.50%), Amazon CodeWhisperer (0.52%), and...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 20 security fixes: 447613211 High CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2025-09-26 450618029 High CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang on 2025-10-10 442860743 High...
OPENSUSE-SU-2025:15679-1 libmozjs-128-0-128.14.0-2.1 on GA media
These are all security issues fixed in the libmozjs-128-0-128.14.0-2.1 package on the GA media of openSUSE Tumbleweed...