Lucene search
K

59092 matches found

NVD
NVD
added 2025/12/22 8:15 p.m.6 views

CVE-2025-65790

A reflected cross-site scripting XSS vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline element, the browser executes...

6.1CVSS0.00218EPSS
Exploits3References2
NVD
NVD
added 2025/12/22 5:15 p.m.10 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting XSS. Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...

6.1CVSS0.00158EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/12/22 1:36 p.m.6 views

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

9.8CVSS5.7AI score0.00481EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/12/22 1:36 p.m.8 views

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

7.3CVSS5.7AI score0.00292EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/12/22 1:36 p.m.8 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS7.3AI score0.00498EPSS
Exploits2References11
RedHat Linux
RedHat Linux
added 2025/12/22 1:36 p.m.7 views

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

9.8CVSS5.7AI score0.00422EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/22 1:35 p.m.5 views

CVE-2025-67712

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7CVSS7.2AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.3 views

Real Time Logic FuguHub 安全漏洞

Real Time Logic FuguHub is a consumer product from Real Time Logic developed using the Barracuda Application Server SDK. A security vulnerability exists in Real Time Logic FuguHub version 8.1 that stems from the /fs/ file manager interface not cleaning up or restricting script execution when...

6.1CVSS6.6AI score0.00218EPSS
Exploits3References3
CVE
CVE
added 2025/12/22 12:0 a.m.14 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is affected by a Cross Site Scripting (XSS) vulnerability due to missing JavaScript sanitization in the login form, causing incorrect login attempts to be logged as XSS in the admin panel. The connected sources confirm the affected version and the root cause without det...

6.1CVSS5.5AI score0.00158EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.6 views

PT-2025-52666

Name of the Vulnerable Software and Affected Versions Schlix CMS versions prior to 2.2.9-5 Description Schlix CMS is affected by a Cross-Site Scripting XSS issue. The root cause is a lack of javascript sanitization in the login form, which allows incorrect login attempts to be logged as XSS in th...

6.1CVSS5.4AI score0.00158EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/12/22 12:0 a.m.21 views

CVE-2025-65270

Reflected cross-site scripting XSS vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser...

0.00247EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/22 12:0 a.m.24 views

CVE-2025-67443

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting XSS. Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...

0.00158EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/12/21 6:31 p.m.134 views

Exploit for CVE-2025-65790

CVE-2025-65790 - FuguHub 8.1 Reflected SVG XSS Reflecte...

6.1CVSS5.7AI score0.00218EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/12/20 5:12 p.m.5 views

CVE-2025-68457

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

6.3CVSS6.9AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 5:12 p.m.15 views

CVE-2025-66580

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...

9.6CVSS6AI score0.00478EPSS
Exploits1References1
OSV
OSV
added 2025/12/20 11:38 a.m.6 views

BIT-HAPROXY-2025-11230 Denial of service vulnerability in HAProxy mjson library

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...

7.5CVSS6.5AI score0.00469EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/20 7:11 a.m.7 views

CVE-2025-66493

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced,...

7.8CVSS7.5AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 7:11 a.m.9 views

CVE-2025-66495

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

7.8CVSS7.5AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 12:12 a.m.21 views

CVE-2025-67843

A Server-Side Template Injection SSTI vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file...

9.8CVSS8.1AI score0.01055EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/19 9:30 p.m.9 views

EUVD-2025-204598

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users...

6.4CVSS5.8AI score0.00201EPSS
Exploits1References4
Rows per page
Query Builder