Lucene search

59137 matches found

Cvelist
added 2025/10/14 12:17 a.m. | 7 views

CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

5.4 CVSS | 0.00206 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/10/14 12:17 a.m. | 3 views

CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

5.4 CVSS | 6.2 AI score | 0.00206 EPSS
Exploits 0 | References 2
CVE
added 2025/10/14 12:17 a.m. | 16 views

CVE-2025-42901

CVE-2025-42901 affects SAP Application Server for ABAP (BAPI Explorer) where an authenticated attacker can store malicious JavaScript payloads that execute in the victim’s browser. Impact is described as low for confidentiality and integrity, with no availability impact. Root cause involves store...

5.4 CVSS | 6.2 AI score | 0.00206 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/14 12:17 a.m. | 3 views

EUVD-2025-34126

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

5.4 CVSS | 6.1 AI score | 0.00206 EPSS
Exploits 0 | References 3
OSV
added 2025/10/14 12:11 a.m. | 4 views

OSV-2025-835 Heap-use-after-free in JS_DefineProperty

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=451334094 Crash type: Heap-use-after-free READ 8 Crash state: JSDefineProperty buildbacktrace JSCallInternal...

7 AI score
Exploits 0 | References 1
Positive Technologies
added 2025/10/14 12:0 a.m. | 4 views

PT-2025-41836

Name of the Vulnerable Software and Affected Versions: SAP Application Server for ABAP (affected versions not specified). Description: An authenticated attacker can store malicious JavaScript payloads. These payloads could be executed in a victim user's browser when accessing the affected functionalit...

5.4 CVSS | 6 AI score | 0.00206 EPSS
Exploits 0 | References 5
Positive Technologies
added 2025/10/14 12:0 a.m. | 7 views

PT-2025-42196

Name of the Vulnerable Software and Affected Versions: Parse Javascript SDK versions prior to 7.0.0. Description: A flaw exists in Parse Javascript SDK that, before version 7.0.0, allows for remote code execution through the injection of malicious payloads. The following components are impacted:...

6.4 CVSS | 8 AI score | 0.00374 EPSS
Exploits 0 | References 6
Tenable Nessus
added 2025/10/14 12:0 a.m. | 1 view

FreeBSD : Firefox -- JIT miscompilation in the JavaScript Engine (6dd86212-a859-11f0-bd95-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6dd86212-a859-11f0-bd95-b42e991fc52e advisory. [email protected] reports: JIT miscompilation in the JavaScript Engine: JIT component. Tenable has...

7.5 CVSS | 7.7 AI score | 0.00217 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2025/10/14 12:0 a.m. | 1 view

SUSE SLES15 Security Update : haproxy (SUSE-SU-2025:03589-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03589-1 advisory. - CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have led to excessive resource consumption when processing numbers with large...

7.5 CVSS | 7.2 AI score | 0.00469 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/10/14 12:0 a.m. | 3 views

CVE-2025-60374

Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

5.5 AI score | 0.00318 EPSS
Exploits 2 | References 1
CNNVD
added 2025/10/14 12:0 a.m. | 8 views

SAP Application Server for ABAP code injection vulnerability

SAP Application Server for ABAP is a load balancing, memory management platform from SAP, Germany. A code injection vulnerability exists in SAP Application Server for ABAP that originates from allowing an authenticated attacker to store a malicious JavaScript payload that could lead to a cross-si...

5.4 CVSS | 6.4 AI score | 0.00206 EPSS
Exploits 0 | References 3
CVE
added 2025/10/14 12:0 a.m. | 39 views

CVE-2025-60374

This CVE describes a Stored XSS in Perfex CRM’s chatbot feature prior to v3.3.1. The vulnerability allows injected HTML/JavaScript to execute in users’ browsers when viewing chat messages, enabling client-side code execution and potential session token theft. Affected product: Perfex CRM (chatbot...

6.1 CVSS | 5.5 AI score | 0.00318 EPSS
Exploits 2 | References 1
Positive Technologies
added 2025/10/14 12:0 a.m. | 4 views

PT-2025-42183

Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

5.4 CVSS | 5.8 AI score | 0.00452 EPSS
Exploits 3 | References 2
Packet Storm News
added 2025/10/14 12:0 a.m. | 3 views

Clutch Control: An Attention-Based Combinatorial Bandit for Efficient Mutation in JavaScript Engine Fuzzing

JavaScript engines are widely used in web browsers, PDF readers, and server-side applications. The rise in concern over their security has led to the development of several targeted fuzzing techniques. However, existing approaches use random selection to determine where to perform mutations in...

6.8 AI score
Exploits 0
Kaspersky
added 2025/10/14 12:0 a.m. | 4 views

KLA89244 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attacks. Below is a complete list of...

9.8 CVSS | 7.8 AI score | 0.00465 EPSS
Exploits 0 | References 3
Kaspersky
added 2025/10/14 12:0 a.m. | 5 views

KLA89243 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Out of bounds read/write...

9.8 CVSS | 8.4 AI score | 0.00385 EPSS
Exploits 0 | References 3
Mozilla
added 2025/10/14 12:0 a.m. | 8 views

Security Vulnerabilities fixed in Thunderbird 144 — Mozilla

Use-after-free in MediaTrackGraphImpl::GetInstance. A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to...

9.8 CVSS | 7.1 AI score | 0.00465 EPSS
Exploits 0 | References 11 | Affected Software 1
FreeBSD
added 2025/10/14 12:0 a.m. | 5 views

Mozilla -- JavaScript Object property overriding

[email protected] reports: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

6.5 CVSS | 6.9 AI score | 0.0021 EPSS
Exploits 0 | References 1
Mozilla
added 2025/10/14 12:0 a.m. | 14 views

Security Vulnerabilities fixed in Firefox ESR 115.29 — Mozilla

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised...

9.8 CVSS | 7.3 AI score | 0.00385 EPSS
Exploits 0 | References 4 | Affected Software 1
Kaspersky
added 2025/10/14 12:0 a.m. | 4 views

KLA89242 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attacks. Below is a complete list of...

9.8 CVSS | 7.8 AI score | 0.00465 EPSS
Exploits 0 | References 3