Lucene search

59129 matches found

NVD
added 2025/10/15 2:15 p.m. | 10 views

CVE-2025-54858

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End o...

CVSS 8.7 | EPSS 0.00317
Exploits: 0 | References: 1

CVE
added 2025/10/15 1:55 p.m. | 18 views

CVE-2025-59269

CVE-2025-59269 is a stored cross-site scripting (XSS) vulnerability in BIG-IP Configuration utility. It affects BIG-IP (all modules) and stems from insufficient input handling on an undisclosed page, allowing an attacker to store and execute JavaScript in the context of the currently logged-in us...

CVSS 8.4 | AI score 5.3 | EPSS 0.00257
Exploits: 0 | References: 1 | Affected Software: 21

NVD
added 2025/10/15 1:16 p.m. | 4 views

CVE-2025-10869

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVSS 6.1 | EPSS 0.00216
Exploits: 0 | References: 1

OSV
added 2025/10/15 7:15 a.m. | 8 views

CVE-2025-11160

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/15 6:43 a.m. | 4 views

CVE-2025-11160 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

CVSS 6.4 | AI score 4.8 | EPSS 0.00194
Exploits: 0 | References: 2

CVE
added 2025/10/15 6:43 a.m. | 17 views

CVE-2025-11160

CVE-2025-11160 applies to the WPBakery Page Builder (WordPress) and is a stored XSS via the Custom JS module in all versions up to 8.6.1. The vulnerability arises from insufficient input sanitization and output escaping of user-supplied JavaScript, enabling authenticated users with contri...

CVSS 6.4 | AI score 4.8 | EPSS 0.00194
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2025/10/15 4:18 a.m. | 6 views

Malicious Package Injection

DuckDB is vulnerable to malicious package injection. The vulnerability is due to unauthorized access and compromise of the npm package publishing process, which allowed an attacker to upload malicious versions of DuckDB’s Node.js packages containing code that interfered with cryptocurrency...

CVSS 8.6 | AI score 7.4 | EPSS 0.00349
Exploits: 0 | References: 5 | Affected Software: 4

CNNVD
added 2025/10/15 12:00 a.m. | 5 views

F5 BIG-IP Cross-Site Scripting Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation. A cross-site scripting vulnerability exists in F5 BIG-IP that stems from the presence of stored cross-site scripting o...

CVSS 8.4 | AI score 5.9 | EPSS 0.00257
Exploits: 0 | References: 2

CNNVD
added 2025/10/15 12:00 a.m. | 3 views

F5 BIG-IP Cross-Site Scripting Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A cross-site scripting vulnerability exists in F5 BIG-IP that stems from the presence of reflective cross-site scripting on an...

CVSS 6.1 | AI score 5.9 | EPSS 0.00184
Exploits: 0 | References: 1

CNVD
added 2025/10/15 12:00 a.m. | 4 views

Client Details System Cross-Site Scripting Vulnerability

Client Details System is a client information system. A cross-site scripting vulnerability exists in Client Details System that stems from malicious JavaScript code not being filtered in the username field. No details of the vulnerability are available at this time...

CVSS 6.1 | AI score 6.3 | EPSS 0.0022
Exploits: 1 | References: 1

EUVD
added 2025/10/14 10:24 p.m. | 5 views

EUVD-2025-34458

Parse Javascript SDK vulnerable to prototype pollution in Parse.Object and internal APIs...

CVSS 6.4 | AI score 6.4 | EPSS 0.00374
Exploits: 0 | References: 5

NVD
added 2025/10/14 8:15 p.m. | 10 views

CVE-2025-62374

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

CVSS 6.4 | EPSS 0.00374
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/14 8:06 p.m. | 3 views

CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

CVSS 6.4 | AI score 7.2 | EPSS 0.00374
Exploits: 0 | References: 4

CVE
added 2025/10/14 8:06 p.m. | 11 views

CVE-2025-62374

CVE-2025-62374 affects the Parse JavaScript SDK before 7.0.0. A malicious payload could be injected via several APIs, enabling remote code execution through components such as ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (...

CVSS 6.4 | AI score 7.2 | EPSS 0.00374
Exploits: 0 | References: 4

OSV
added 2025/10/14 8:06 p.m. | 4 views

CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

CVSS 6.4 | AI score 7.7 | EPSS 0.00374
Exploits: 0 | References: 6

Cvelist
added 2025/10/14 8:06 p.m. | 10 views

CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

CVSS 6.4 | EPSS 0.00374
Exploits: 0 | References: 4

EUVD
added 2025/10/14 7:36 p.m. | 6 views

EUVD-2025-34249

Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name...

CVSS 5.3 | AI score 5.5 | EPSS 0.00519
Exploits: 0 | References: 6

RedhatCVE
added 2025/10/14 6:57 p.m. | 3 views

CVE-2025-61927

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the us...

CVSS 8.3 | AI score 6.7 | EPSS 0.00599
Exploits: 0 | References: 5

EUVD
added 2025/10/14 3:31 p.m. | 3 views

EUVD-2025-34205

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

AI score 5.9 | EPSS 0.0021
Exploits: 0 | References: 7

AlpineLinux
added 2025/10/14 1:15 p.m. | 1 view

CVE-2025-11711

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

CVSS 6.5 | AI score 6 | EPSS 0.0021
Exploits: 0 | References: 8