59097 matches found

Vulnrichment
added 2025/12/15 8:28 p.m., 2 views

CVE-2023-53890 Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

CVSS 5.1, AI score 5.7, EPSS 0.00198
Exploits 1, References 3

Cvelist
added 2025/12/15 8:28 p.m., 25 views

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

CVSS 5.1, EPSS 0.00205
Exploits 1, References 3

Vulnrichment
added 2025/12/15 8:28 p.m., 4 views

CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

CVSS 8.6, AI score 6.5, EPSS 0.00824
Exploits 1, References 3

Vulnrichment
added 2025/12/15 8:28 p.m., 4 views

CVE-2023-53882 JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter

JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...

CVSS 5.1, AI score 5.7, EPSS 0.00327
Exploits 0, References 3

OSV
added 2025/12/15 8:6 p.m., 8 views

MGASA-2025-0328 Updated nspr, nss & firefox packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 JIT miscompilation in the JavaScript Engine: JIT...

CVSS 9.8, AI score 7.6, EPSS 0.00498
Exploits 2, References 10

Mageia
added 2025/12/15 8:6 p.m., 7 views

Updated nspr, nss & firefox packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 JIT miscompilation in the JavaScript Engine: JIT...

CVSS 9.8, AI score 7.8, EPSS 0.00498
Exploits 2, References 9

Mageia
added 2025/12/15 8:6 p.m., 7 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 JIT miscompilation in the JavaScript Engine: JIT...

CVSS 9.8, AI score 7.8, EPSS 0.00498
Exploits 2, References 3

OSV
added 2025/12/15 8:6 p.m., 3 views

MGASA-2025-0329 Updated thunderbird packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 JIT miscompilation in the JavaScript Engine: JIT...

CVSS 9.8, AI score 7.6, EPSS 0.00498
Exploits 2, References 4

The Hacker News
added 2025/12/15 5:46 p.m., 12 views

Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats

A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and...

AI score 6.5
Exploits 0

NVD
added 2025/12/15 2:15 p.m., 3 views

CVE-2025-65778

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

CVSS 8.1, EPSS 0.00317
Exploits 0, References 4

OSV
added 2025/12/15 2:15 p.m., 6 views

CVE-2025-65778

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...

CVSS 8.1, AI score 7
Exploits 0, References 4

OSV
added 2025/12/15 11:26 a.m., 2 views

SUSE-SU-2025:4397-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.6 bsc1254551. - MFSA 2025-96 CVE-2025-14321: use-after-free in the WebRTC: Signaling component. CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL...

CVSS 9.8, AI score 5.8, EPSS 0.00498
Exploits 2, References 12

SUSE Linux
added 2025/12/15 11:24 a.m., 5 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.6.0 ESR bsc1254551. MFSA 2025-94 CVE-2025-14321: use-after-free in the WebRTC: Signaling component. CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics:...

CVSS 8.8, AI score 7.7, EPSS 0.00498
Exploits 2, References 22

OSV
added 2025/12/15 11:24 a.m., 2 views

SUSE-SU-2025:4396-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.6.0 ESR bsc1254551. - MFSA 2025-94 CVE-2025-14321: use-after-free in the WebRTC: Signaling component. CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics:...

CVSS 9.8, AI score 5.8, EPSS 0.00498
Exploits 2, References 12

EUVD
added 2025/12/15 7:34 a.m., 6 views

EUVD-2025-203353

Malicious code in @revvity-signals/chemdraw-js npm...

AI score 6.6
Exploits 0, References 1

OSV
added 2025/12/15 7:34 a.m., 3 views

MAL-2025-192573 Malicious code in @revvity-signals/chemdraw-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c53a6ff6ab4af77539873f6d418625d58f5d11a3fedda42efb25b91585218bbf The package @revvity-signals/chemdraw-js was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits 0, References 3

NVD
added 2025/12/15 7:15 a.m., 2 views

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

CVSS 4.3, EPSS 0.00177
Exploits 0, References 1

OSV
added 2025/12/15 7:15 a.m., 3 views

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

CVSS 4.3, AI score 5.9, EPSS 0.00177
Exploits 0, References 1

CVE
added 2025/12/15 6:41 a.m., 10 views

CVE-2025-14021

CVE-2025-14021 concerns the LINE client for iOS (pre-14.14). The in-app browser is vulnerable to address bar spoofing, allowing an attacker to render trusted URLs while executing malicious JavaScript in iframes, enabling phishing via overlaid content. The CVSS 3.1 base score is 4.3 (Medium); att...

CVSS 4.3, AI score 6.5, EPSS 0.00177
Exploits 0, References 1, Affected Software 1

Veracode
added 2025/12/15 5:47 a.m., 5 views

Cross-site Scripting (XSS)

Vuetify is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unsanitized HTML being assigned to the innerHTML of the VDatePicker title via the title-date-format property, which allows an attacker to inject and execute arbitrary JavaScript in the victim's browser...

CVSS 6.3, AI score 5.9, EPSS 0.00163
Exploits 0, References 3, Affected Software 1