Lucene search
K

59143 matches found

CNVD
CNVD
added 2025/10/13 12:0 a.m.2 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.2 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23556)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.4 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.2 views

QGIS QWC2 Registration GUI 安全漏洞

The QGIS QWC2 Registration GUI is an optional application of the Web Front End Client Framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 Registration GUI v2025.03.31 and earlier versions, which originates from an authorized attacker who can plant arbitrary JavaScri...

6.9CVSS6.2AI score0.00398EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.3 views

QGIS QWC2 安全漏洞

QGIS QWC2 is a web front-end client framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 versions prior to 2025.08.14, which stems from a cross-site scripting vulnerability in the attribute table that could lead to an authorized attacker planting arbitrary JavaScript...

6.9CVSS6AI score0.00401EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.5 views

PT-2025-41780

Name of the Vulnerable Software and Affected Versions QGIS QWC2 Registration GUI versions through 2025.03.31 Description A cross-site scripting issue exists in QGIS QWC2 Registration GUI. An authorized attacker can inject arbitrary JavaScript code into the page. Recommendations Update QGIS QWC2...

6.9CVSS6.1AI score0.00398EPSS
Exploits0References3
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23550)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23549)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.2 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23546)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the...

6.1CVSS6.5AI score0.00192EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23539)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.6AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23565)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/10/12 7:35 a.m.129 views

XSS-Payloads-to-Bypass-WAFs

PoC exploit for XSS payloads to bypass WAFs, specifically target...

6.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/11 11:20 a.m.5 views

CVE-2025-11189

The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...

7.3CVSS5.8AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/10 11:46 p.m.12 views

EUVD-2025-33777

Happy DOM: VM Context Escape can lead to Remote Code Execution...

7.2CVSS6.8AI score0.00599EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/10 8:22 p.m.4 views

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

5.5CVSS6.8AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2025/10/10 8:15 p.m.3 views

CVE-2025-61927

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

7.2CVSS0.00599EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/10 7:38 p.m.10 views

CVE-2025-61927 Happy-DOM has VM Context Escape

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

7.2CVSS0.00599EPSS
Exploits0References2
OSV
OSV
added 2025/10/10 7:38 p.m.22 views

CVE-2025-61927 Happy-DOM has VM Context Escape

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

7.2CVSS6.8AI score0.00599EPSS
Exploits0References4
CVE
CVE
added 2025/10/10 7:38 p.m.48 views

CVE-2025-61927

CVE-2025-61927 affects Happy DOM v19 and earlier, where the Node.js VM Context is not isolated and untrusted JavaScript executed inside the Happy DOM VM can escape to access process-level functionality. Depending on module system (ESM vs CommonJS), attackers may obtain access to powerful objects ...

7.2CVSS6.8AI score0.00599EPSS
Exploits0References2
NVD
NVD
added 2025/10/10 7:15 p.m.4 views

CVE-2025-60880

An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...

8.3CVSS0.00388EPSS
Exploits1References2
Rows per page
Query Builder