
59102 matches found

Positive Technologies
added 2025/10/28 12:0 a.m. | 4 views

PT-2025-44217

Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 2.13.0. Description: FastMCP, a framework for building MCP applications, is affected by a reflected cross-site scripting issue. The problem exists in the OAuth client callback page oauth callback.py due to the insertion...

CVSS 6.1 | AI score 5.4 | EPSS 0.0025
Exploits: 1 | References: 15
CNNVD
added 2025/10/28 12:0 a.m. | 12 views

IPFire security vulnerability

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the QUOTAUSERS parameter of the...

CVSS 5.4 | AI score 6.2 | EPSS 0.00453
Exploits: 0 | References: 4
CNNVD
added 2025/10/28 12:0 a.m. | 12 views

IPFire security vulnerability

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...

CVSS 5.4 | AI score 6.2 | EPSS 0.00453
Exploits: 0 | References: 4
EUVD
added 2025/10/27 9:30 p.m. | 5 views

EUVD-2025-36326

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVSS 6.4 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 2
OSV
added 2025/10/27 6:15 p.m. | 4 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

CVSS 6.1 | AI score 6 | EPSS 0.00184
Exploits: 0 | References: 2
NVD
added 2025/10/27 1:15 p.m. | 3 views

CVE-2025-41384

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

CVSS 6.1 | EPSS 0.00177
Exploits: 0 | References: 1
Cvelist
added 2025/10/27 12:53 p.m. | 8 views

CVE-2025-41384 Reflected Cross-Site Scripting (XSS) in SuiteCRM

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

CVSS 5.1 | EPSS 0.00177
Exploits: 0 | References: 1
EUVD
added 2025/10/27 12:53 p.m. | 4 views

EUVD-2025-36178

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

CVSS 5.1 | AI score 5.7 | EPSS 0.00177
Exploits: 0 | References: 2
Veracode
added 2025/10/27 11:16 a.m. | 6 views

Cross-site Scripting (XSS)

net.mingsoft:ms-mcms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper validation of user-supplied input, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser through a crafted payload...

CVSS 6.1 | AI score 6.7 | EPSS 0.00223
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2025/10/27 6:11 a.m. | 2 views

EUVD-2025-36092

Malicious code in polyfill-corejs3 npm...

AI score 6.6
Exploits: 0 | References: 1
CVE
added 2025/10/27 1:34 a.m. | 12 views

CVE-2025-62942

CVE-2025-62942 is a stored XSS in WP Mapbox GL JS Maps (Tempranova) affecting versions

CVSS 6.5 | AI score 5.6 | EPSS 0.00186
Exploits: 0 | References: 1
OSV
added 2025/10/27 12:5 a.m. | 4 views

CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5 | AI score 8.9 | EPSS 0.00773
Exploits: 0 | References: 6
Vulnrichment
added 2025/10/27 12:0 a.m. | 2 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

AI score 6.4 | EPSS 0.00184
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2025/10/26 7:3 p.m. | 5 views

Malicious code in binance-connector-js (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61b2f0cbecf7f16706a567eb1deed7a8dc1722f112d2a002a9e94e690a066f3d Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits: 0 | References: 1
CNNVD
added 2025/10/26 12:0 a.m. | 5 views

WordPress plugin eRoom security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 5.3 | AI score 6.4 | EPSS 0.00287
Exploits: 0 | References: 1
GithubExploit
added 2025/10/25 3:34 p.m. | 138 views

Exploit for CVE-2025-63307

CVE-2025-63307 – Authenticated Stored Cross-site Scripting XS...

CVSS 8.1 | AI score 5.4 | EPSS 0.00321
Exploits: 2
Cvelist
added 2025/10/24 8:6 p.m. | 8 views

CVE-2025-62716 Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter

Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This results in a cross-site scripting (XSS) vulnerabilit...

CVSS 8.1 | EPSS 0.00304
Exploits: 0 | References: 1
EUVD
added 2025/10/24 3:31 p.m. | 7 views

EUVD-2025-35851

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...

CVSS 6.1 | AI score 6.2 | EPSS 0.00178
Exploits: 1 | References: 2
Vulnrichment
added 2025/10/24 10:8 a.m. | 5 views

CVE-2025-5350 SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products

SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery SSRF. Additionally, the...

CVSS 5.9 | AI score 5.2 | EPSS 0.00583
Exploits: 0 | References: 1
Cvelist
added 2025/10/24 12:0 a.m. | 9 views

CVE-2025-60936

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...

EPSS 0.00178
Exploits: 1 | References: 1