Lucene search
K

59100 matches found

Snyk
Snyk
added 2025/10/28 9:46 p.m.3 views

Cross-site Scripting (XSS)

Overview fastmcp is a The fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the createcallbackhtml function. An attacker can execute arbitrary JavaScript in the context of the callback server's origin by supplying...

6.1CVSS5.5AI score0.0025EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/10/28 7:53 p.m.4 views

CVE-2025-53533

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...

6.1CVSS6.2AI score0.00564EPSS
Exploits2References1
OSV
OSV
added 2025/10/28 3:16 p.m.3 views

CVE-2025-34308

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

5.4CVSS6AI score0.00453EPSS
Exploits0References3
OSV
OSV
added 2025/10/28 3:16 p.m.4 views

CVE-2025-34316

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...

5.4CVSS5.9AI score0.00453EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/28 2:36 p.m.3 views

CVE-2025-34308 IPFire < v2.29 Stored XSS via Default Time Sync

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

5.1CVSS5.6AI score0.00453EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/10/28 2:15 p.m.4 views

CVE-2025-12380

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2...

9.8CVSS7.3AI score0.00308EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/28 1:49 p.m.6 views

CVE-2025-41384

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

6.1CVSS6.2AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/28 12:28 a.m.13 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

6.1CVSS6.7AI score0.00184EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.13 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the IGNOREENTRYREMARK parameter, which can be exploited by an attacker to...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.3 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the UPDATEVALUE parameter, which can be exploited by an attacker to inject...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.4 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...

5.4CVSS6.1AI score0.00453EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.13 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.5 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome prior to version 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...

8.8CVSS7.7AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.6 views

PT-2025-47223

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 142.0.7444.59 Description A type confusion issue exists within the V8 component of Google Chrome. This flaw could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML...

10CVSS6.7AI score0.06806EPSS
Exploits2References89
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.3 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome prior to version 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...

8.8CVSS7.7AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.4 views

PT-2025-47220

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 142.0.7444.59 Description A type confusion issue exists in the V8 component of Google Chrome. This could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page...

8.8CVSS6.6AI score0.06806EPSS
Exploits2References81
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.4 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via specially...

8.8CVSS7.8AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.3 views

PT-2025-47219

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 142.0.7444.59 Description A type confusion issue exists in the V8 component of Google Chrome. This flaw could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page...

10CVSS6.5AI score0.06806EPSS
Exploits2References90
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.3 views

PT-2025-47221

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 142.0.7444.59 Description A type confusion issue exists in the V8 component of Google Chrome. This flaw could allow a remote attacker to exploit heap corruption through a specially designed HTML page...

8.8CVSS6.6AI score0.06806EPSS
Exploits2References82
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.4 views

PT-2025-44217

Name of the Vulnerable Software and Affected Versions FastMCP versions prior to 2.13.0 Description FastMCP, a framework for building MCP applications, is affected by a reflected cross-site scripting issue. The problem exists in the OAuth client callback page oauth callback.py due to the insertion...

6.1CVSS5.4AI score0.0025EPSS
Exploits1References15
Rows per page
Query Builder