667 matches found

NVD
added 2025/08/19 9:15 p.m., 5 views

CVE-2025-55033

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142...

CVSS 6.1, EPSS 0.00155
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-21896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a...

CVSS 9.8, AI score 6.9, EPSS 0.01262
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-7676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in...

CVSS 5.4, AI score 5.4, EPSS 0.02142
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-22939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the Node.js https API was used incorrectly and undefined was passed in for the rejectUnauthorized parameter, no error was returned and connections to servers...

CVSS 5.3, AI score 6.5, EPSS 0.1473
Exploits: 1, References: 2

Snyk
added 2025/08/12 6:7 p.m., 1 view

Prototype Pollution

Overview: org.webjars.npm:content-security-policy-parser is a Parse Content Security Policy directives. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the Object prototype by supplying a crafted policy name in HTTP queries...

CVSS 9.1, AI score 6.6, EPSS 0.00395
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/07 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-9790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still ...

CVSS 9.8, AI score 8, EPSS 0.01838
Exploits: 0, References: 2

Cvelist
added 2025/08/05 12:6 a.m., 8 views

CVE-2025-54803 js-toml is vulnerable to Prototype Pollution

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...

CVSS 7.9, EPSS 0.00476
Exploits: 1, References: 3

RedhatCVE
added 2025/08/02 8:22 p.m., 3 views

CVE-2025-34146

A prototype pollution vulnerability exists in @nyariv/sandboxjs versions = 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environme...

CVSS 7, AI score 6.7, EPSS 0.00195
Exploits: 0, References: 1

Positive Technologies
added 2025/08/02 12:0 a.m., 3 views

PT-2025-31720 · Partner · Partner Web Application +1

Name of the Vulnerable Software and Affected Versions: Partner Software's Partner Software application and Partner Web application (affected versions not specified). Description: The application does not completely sanitize input on the 'Notes' page when viewing a job, allowing an authenticated user...

CVSS 5.4, AI score 4.9, EPSS 0.00343
Exploits: 0, References: 6

CVE
added 2025/07/29 11:31 p.m., 22 views

CVE-2025-8319

CVE-2025-8319 affects Barracuda Message Archiver (BMA) where the login interface permits arbitrary JavaScript/HTML to be written into the page’s DOM via the error= URL parameter, enabling cross-site scripting (XSS). The issue is triggered by the error parameter and involves the BMA web interface,...

CVSS 6.1, AI score 6.9, EPSS 0.00233
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2025/07/29 12:0 a.m., 3 views

PT-2025-31341 · Bma · Bma

Name of the Vulnerable Software and Affected Versions: BMA (affected versions not specified). Description: The BMA login interface allows arbitrary JavaScript or HTML to be written directly into the page’s Document Object Model (DOM) via the error= URL parameter. This can lead to potential cross-site...

CVSS 6.1, AI score 5.8, EPSS 0.00233
Exploits: 1, References: 7

BDU FSTEC
added 2025/07/25 12:0 a.m., 6 views

The vulnerability of the f_strflocaltime() function in the programming language JQ, which allows attackers to compromise the accessibility of protected information

The vulnerability of the fstrflocaltime function in the JavaScript programming language is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the accessibility of protected information...

CVSS 5.3, AI score 5.5, EPSS 0.00321
Exploits: 0, References: 3, Affected Software: 2

NVD
added 2025/07/22 9:15 p.m., 5 views

CVE-2025-8033

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVSS 6.5, EPSS 0.00351
Exploits: 0, References: 9

Debian CVE
added 2025/07/22 8:49 p.m., 4 views

CVE-2025-8033

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVSS 6.5, AI score 6.4, EPSS 0.00351
Exploits: 0

Cvelist
added 2025/07/21 6:59 a.m., 6 views

CVE-2025-7920 Simopro Technology|WinMatrix3 Web package - Reflected Cross-Site Scripting

WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVSS 6.1, EPSS 0.00301
Exploits: 0, References: 2

RedhatCVE
added 2025/07/16 12:16 a.m., 8 views

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file...

CVSS 5.6, AI score 7.4, EPSS 0.00271
Exploits: 1, References: 1

NVD
added 2025/07/15 12:15 a.m., 7 views

CVE-2025-53890

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...

CVSS 9.8, EPSS 0.01144
Exploits: 0, References: 3

Positive Technologies
added 2025/07/14 12:0 a.m., 4 views

PT-2025-29530 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyload versions prior to 0.5.0b3.dev89. Description: pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to...

CVSS 9.8, AI score 7.9, EPSS 0.01144
Exploits: 0, References: 16

RedhatCVE
added 2025/07/09 10:22 a.m., 4 views

CVE-2025-3466

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...

CVSS 9.8, AI score 9.6, EPSS 0.00712
Exploits: 1, References: 1

GithubExploit
added 2025/07/09 4:20 a.m., 512 views

Exploit for Type Confusion in Google Chrome

CVE-2025-6554 CVE-2025-6554 is a vulnerability in Chrome'...

CVSS 8.1, AI score 7.3, EPSS 0.06564
Exploits: 4