59137 matches found
CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...
CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...
CVE-2025-42901
CVE-2025-42901 affects SAP Application Server for ABAP (BAPI Explorer) where an authenticated attacker can store malicious JavaScript payloads that execute in the victim’s browser. Impact is described as low for confidentiality and integrity, with no availability impact. Root cause involves store...
EUVD-2025-34126
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...
OSV-2025-835 Heap-use-after-free in JS_DefineProperty
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=451334094 Crash type: Heap-use-after-free READ 8 Crash state: JSDefineProperty buildbacktrace JSCallInternal...
PT-2025-41836
Name of the Vulnerable Software and Affected Versions SAP Application Server for ABAP affected versions not specified Description An authenticated attacker can store malicious JavaScript payloads. These payloads could be executed in a victim user's browser when accessing the affected functionalit...
PT-2025-42196
Name of the Vulnerable Software and Affected Versions Parse Javascript SDK versions prior to 7.0.0 Description A flaw exists in Parse Javascript SDK that, before version 7.0.0, allows for remote code execution through the injection of malicious payloads. The following components are impacted:...
FreeBSD : Firefox -- JIT miscompilation in the JavaScript Engine (6dd86212-a859-11f0-bd95-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6dd86212-a859-11f0-bd95-b42e991fc52e advisory. [email protected] reports: JIT miscompilation in the JavaScript Engine: JIT component. Tenable has...
SUSE SLES15 Security Update : haproxy (SUSE-SU-2025:03589-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03589-1 advisory. - CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive resource consumption when processing numbers with large...
CVE-2025-60374
Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...
SAP Application Server for ABAP 代码注入漏洞
SAP Application Server for ABAP is a load balancing, memory management platform from SAP, Germany. A code injection vulnerability exists in SAP Application Server for ABAP that originates from allowing an authenticated attacker to store a malicious JavaScript payload that could lead to a cross-si...
CVE-2025-60374
This CVE describes a Stored XSS in Perfex CRM’s chatbot feature prior to v3.3.1. The vulnerability allows injected HTML/JavaScript to execute in users’ browsers when viewing chat messages, enabling client-side code execution and potential session token theft. Affected product: Perfex CRM (chatbot...
PT-2025-42183
Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...
Clutch Control: An Attention-Based Combinatorial Bandit for Efficient Mutation in JavaScript Engine Fuzzing
JavaScript engines are widely used in web browsers, PDF readers, and server-side applications. The rise in concern over their security has led to the development of several targeted fuzzing techniques. However, existing approaches use random selection to determine where to perform mutations in...
KLA89244 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attack. Below is a complete list of...
KLA89243 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Out of bounds read/write...
Security Vulnerabilities fixed in Thunderbird 144 — Mozilla
Use-after-free in MediaTrackGraphImpl::GetInstance A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to...
Mozilla -- JavaScript Object property overriding
[email protected] reports: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...
Security Vulnerabilities fixed in Firefox ESR 115.29 — Mozilla
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised...
KLA89242 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attack. Below is a complete list of...