59137 matches found

Cvelist
added 2025/10/14 8:6 p.m., 10 views

CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

6.4 CVSS, 0.00374 EPSS
Exploits 0, References 4

OSV
added 2025/10/14 8:6 p.m., 4 views

CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

6.4 CVSS, 7.7 AI score, 0.00374 EPSS
Exploits 0, References 6

EUVD
added 2025/10/14 7:36 p.m., 6 views

EUVD-2025-34249

Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name...

5.3 CVSS, 5.5 AI score, 0.00519 EPSS
Exploits 0, References 6

RedhatCVE
added 2025/10/14 6:57 p.m., 3 views

CVE-2025-61927

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

8.3 CVSS, 6.7 AI score, 0.00599 EPSS
Exploits 0, References 5

EUVD
added 2025/10/14 3:31 p.m., 3 views

EUVD-2025-34205

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

5.9 AI score, 0.0021 EPSS
Exploits 0, References 7

AlpineLinux
added 2025/10/14 1:15 p.m., 1 views

CVE-2025-11711

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.5 CVSS, 6 AI score, 0.0021 EPSS
Exploits 0, References 8

NVD
added 2025/10/14 1:15 p.m., 6 views

CVE-2025-11711

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.5 CVSS, 0.0021 EPSS
Exploits 0, References 8

OSV
added 2025/10/14 1:15 p.m., 3 views

CVE-2025-11711

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.5 CVSS, 5.7 AI score
Exploits 0, References 8

UbuntuCve
added 2025/10/14 1:15 p.m., 3 views

CVE-2025-11719

Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

9.8 CVSS, 5.8 AI score, 0.00323 EPSS
Exploits 0, References 5

UbuntuCve
added 2025/10/14 1:15 p.m., 2 views

CVE-2025-11708

Use-after-free in MediaTrackGraphImpl::GetInstance. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

9.8 CVSS, 7.3 AI score, 0.00465 EPSS
Exploits 0, References 10

UbuntuCve
added 2025/10/14 1:15 p.m., 2 views

CVE-2025-11713

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...

8.1 CVSS, 5.9 AI score, 0.0033 EPSS
Exploits 0, References 10

UbuntuCve
added 2025/10/14 1:15 p.m., 1 views

CVE-2025-11711

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.5 CVSS, 6.6 AI score, 0.0021 EPSS
Exploits 0, References 11

UbuntuCve
added 2025/10/14 1:15 p.m., 2 views

CVE-2025-11714

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

8.8 CVSS, 7.4 AI score, 0.00306 EPSS
Exploits 0, References 11

OSV
added 2025/10/14 1:15 p.m., 3 views

UBUNTU-CVE-2025-11711

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.5 CVSS, 6.5 AI score, 0.0021 EPSS
Exploits 0, References 12

ATTACKERKB
added 2025/10/14 12:27 p.m., 3 views

CVE-2025-11711

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.5 CVSS, 6.6 AI score, 0.0021 EPSS
Exploits 0, References 7

Vulnrichment
added 2025/10/14 12:27 p.m., 2 views

CVE-2025-11711 Some non-writable Object properties could be modified

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.6 AI score, 0.0021 EPSS
Exploits 0, References 6

CVE
added 2025/10/14 12:27 p.m., 37 views

CVE-2025-11711

The provided connected advisories confirm CVE-2025-11711 affects Firefox and Thunderbird across multiple versions (Firefox < 144, ESR < 140.4, Thunderbird < 144, ESR

6.5 CVSS, 6.6 AI score, 0.0021 EPSS
Exploits 0, References 8, Affected Software 2

The Hacker News
added 2025/10/14 11:0 a.m., 10 views

What AI Reveals About Web Applications— and Why It Matters

Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your syste...

7.2 AI score
Exploits 0

RedhatCVE
added 2025/10/14 9:46 a.m., 5 views

CVE-2025-11183

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

6.9 CVSS, 6.4 AI score, 0.00401 EPSS
Exploits 0, References 1

NVD
added 2025/10/14 1:15 a.m., 3 views

CVE-2025-42901

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

5.4 CVSS, 0.00206 EPSS
Exploits 0, References 2