
CVE
Added 2025/12/12 8:36 p.m.

CVE-2025-67634

CVE-2025-67634 concerns the CISA Software Acquisition Guide Supplier Response Web Tool prior to 2025-12-11, which is affected by cross-site scripting via text fields when a user imports a crafted JSON file. The JavaScript could load into the page and execute in the user’s browser upon submission ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 3 | Affected software: 1
Vulnrichment
Added 2025/12/12 8:36 p.m.

CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

CVSS 4.6 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 3
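The two CVE-2025-67634 entries above describe the same failure: values taken from an imported JSON file are placed into the page as markup. The following is an added example, not the Supplier Response Web Tool's code; the field names, the import format, and the crafted file are assumptions constructed for illustration. It shows the vulnerable rendering pattern next to a fix that parses the import against a strict schema and escapes every value on output.

```javascript
// Added example, not the tool's code: how importing an untrusted JSON file
// turns into XSS when its values are placed in markup unescaped, and how
// strict parsing plus output escaping closes it. Field names are assumed.

const EXPECTED_FIELDS = ["supplierName", "productName", "contactEmail"];
const MAX_FIELD_LEN = 512;

// Constructed crafted import file: one field carries an HTML event handler,
// another is a field the tool never asked for.
const CRAFTED_IMPORT = `{
  "supplierName": "Acme<img src=x onerror=\\"alert(document.domain)\\">",
  "productName": "Widget",
  "contactEmail": "sales@acme.example",
  "extra": "<script>alert(1)</script>"
}`;

// Vulnerable pattern: imported values are concatenated into an HTML string
// that the page then assigns to innerHTML. Any markup in a value becomes DOM.
function renderUnsafe(record) {
  return EXPECTED_FIELDS
    .map((f) => `<tr><td>${f}</td><td>${record[f] ?? ""}</td></tr>`)
    .join("");
}

// Fix, part 1: parse the file against a strict schema. Only the expected
// string fields of bounded length survive; anything else is rejected or dropped.
function parseImport(jsonText) {
  let raw;
  try {
    raw = JSON.parse(jsonText);
  } catch {
    throw new Error("import is not valid JSON");
  }
  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
    throw new Error("import must be a JSON object");
  }
  const clean = {};
  for (const f of EXPECTED_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(raw, f)) continue;
    const v = raw[f];
    if (typeof v !== "string") throw new Error(`field ${f} must be a string`);
    if (v.length > MAX_FIELD_LEN) throw new Error(`field ${f} exceeds ${MAX_FIELD_LEN} chars`);
    clean[f] = v;
  }
  return clean;
}

// Fix, part 2: escape on output. Validation alone is not enough, because a
// legitimate supplier name may contain "&" or "<".
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

function renderSafe(record) {
  // In a browser, creating each <td> with document.createElement and setting
  // .textContent is equivalent and avoids hand-rolled escaping entirely.
  return EXPECTED_FIELDS
    .map((f) => `<tr><td>${escapeHtml(f)}</td><td>${escapeHtml(record[f] ?? "")}</td></tr>`)
    .join("");
}

// Runs both renderers over the crafted file so the difference is visible.
function demo() {
  const record = parseImport(CRAFTED_IMPORT);
  return { unsafe: renderUnsafe(record), safe: renderSafe(record) };
}
```

The same output-escaping step is the fix for the stored-XSS entries further down this page (Frappe LMS, SPA-CART, XMB, PyroCMS); what changes there is only where the attacker-controlled string comes from.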
EUVD
Added 2025/12/12 8:14 p.m.

EUVD-2025-203110

Lightning Flow Scanner provides a CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

CVSS 8.4 | AI score 6.6 | EPSS 0.00166
Exploits: 0 | References: 5
Cvelist
Added 2025/12/12 8:14 p.m.

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

CVSS 8.4 | EPSS 0.00166
Exploits: 0 | References: 3
OSV
Added 2025/12/12 8:14 p.m.

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

CVSS 8.4 | AI score 7 | EPSS 0.00166
Exploits: 0 | References: 5
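The three CVE-2025-67750 entries above name the root cause in their title: a rule that passes a value read from the flow metadata to `new Function()`. The block below is an added example and is not Lightning Flow Scanner's code; the rule shape, the minimal Flow XML, the supported-version threshold and the `globalThis.scanTrace` marker are assumptions. It shows why a scanner that "evaluates" a version string runs whatever expression the file author wrote, and a replacement that treats the value as data.

```javascript
// Added example, not the project's code: the unsafe coercion pattern behind a
// new Function() code injection in a metadata scanner, beside a safe rule.

// Constructed flow metadata. A benign file, and a copy whose apiVersion
// element carries a JavaScript expression that still evaluates to a
// plausible version number, so the rule output looks normal.
const BENIGN_FLOW = `<?xml version="1.0" encoding="UTF-8"?>
<Flow xmlns="http://soap.sforce.com/2006/04/metadata">
    <apiVersion>58.0</apiVersion>
    <label>Benign Flow</label>
</Flow>`;

globalThis.scanTrace = []; // the payload writes here to prove it executed
const MALICIOUS_FLOW = BENIGN_FLOW.replace(
  "<apiVersion>58.0</apiVersion>",
  "<apiVersion>(globalThis.scanTrace.push('payload ran during scan'), 58.0)</apiVersion>"
);

// Minimal extraction of <apiVersion>; a real scanner would use an XML parser.
function readApiVersion(flowXml) {
  const m = /<apiVersion>([^<]*)<\/apiVersion>/.exec(flowXml);
  return m ? m[1].trim() : null;
}

const MIN_SUPPORTED = 49.0; // assumed threshold for "outdated"

// Vulnerable rule: turns the version string into a number by evaluating it.
// new Function() compiles arbitrary code with the scanner's privileges, so a
// crafted file runs code on the developer machine or CI runner doing the scan.
function apiVersionRuleUnsafe(flowXml) {
  const raw = readApiVersion(flowXml);
  const version = new Function(`return ${raw}`)();
  return { version, outdated: version < MIN_SUPPORTED };
}

// Fixed rule: accept only the "<major>.<minor>" shape used for API versions,
// convert with Number(), and never hand the value to the JavaScript engine.
function apiVersionRuleSafe(flowXml) {
  const raw = readApiVersion(flowXml);
  if (raw === null || !/^\d{1,3}\.\d{1,2}$/.test(raw)) {
    return {
      version: null,
      outdated: false,
      error: `invalid apiVersion: ${JSON.stringify(raw)}`,
    };
  }
  const version = Number(raw);
  return { version, outdated: version < MIN_SUPPORTED };
}
```

Note that the decoy expression returns 58.0, so the unsafe rule reports a healthy version while the side effect has already happened; a scanner's own output is not evidence that nothing ran. The safe rule reports the malformed value as a finding instead.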
Vulnrichment
Added 2025/12/12 7:48 p.m.

CVE-2025-67734 Frappe Authenticated Users can Execute JavaScript through its Job Form

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...

CVSS 5.1 | AI score 5.5 | EPSS 0.00138
Exploits: 0 | References: 2
OSV
Added 2025/12/12 7:48 p.m.

CVE-2025-67734 Frappe Authenticated Users can Execute JavaScript through its Job Form

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...

CVSS 5.1 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 4
Snyk
Added 2025/12/12 7:45 p.m.

Prototype Pollution

Overview: org.webjars.npm:vuetify is a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript...

CVSS 8.8 | AI score 6.7 | EPSS 0.00281
Exploits: 0 | References: 2
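The Snyk entry above says the weakness is a deep merge of preset options into defaults. The block below is an added example, not vuetify's `mergeDeep`; the option names, the crafted preset and the `templateCompilerAllowsEval` consumer are assumptions. It shows how a `"__proto__"` key that survives `JSON.parse` as an own property walks the merge into `Object.prototype`, why unrelated code then sees the injected value, and a hardened merge that refuses prototype keys and only descends into properties the target itself owns.

```javascript
// Added example, not vuetify's code: a deep merge that lets a JSON preset
// pollute Object.prototype, beside a hardened version.

const isPlainObject = (v) =>
  v !== null && typeof v === "object" && !Array.isArray(v);

// Vulnerable: walks every key of source, including "__proto__". For that key
// target[key] is Object.prototype itself, and the recursion writes into it.
function mergeDeepUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeDeepUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hardened: skip prototype-related keys, and only descend into a property the
// target owns itself, so an inherited object is never written through.
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const ownObject =
        Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      if (!ownObject) target[key] = {};
      mergeDeepSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed inputs: defaults a framework might ship, and a preset that
// arrives as JSON. After JSON.parse, "__proto__" is an ordinary own key.
const DEFAULTS = () => ({ theme: { dark: false, primary: "#1976d2" }, rtl: false });
const CRAFTED_PRESET = JSON.parse(
  '{"theme":{"dark":true},"__proto__":{"allowUnsafeEval":true}}'
);

// Unrelated code that reads an option it never set. Once Object.prototype is
// polluted, every fresh object inherits the attacker's value.
function templateCompilerAllowsEval(compilerOptions) {
  return compilerOptions.allowUnsafeEval === true;
}

// Runs one merge implementation over the crafted preset and reports both the
// intended effect (dark theme) and the leak into an unrelated object.
function demo(merge) {
  const merged = merge(DEFAULTS(), CRAFTED_PRESET);
  const leaked = templateCompilerAllowsEval({}); // fresh object, no own keys
  delete Object.prototype.allowUnsafeEval;       // clean up after the unsafe run
  return { darkTheme: merged.theme.dark, primary: merged.theme.primary, leaked };
}
```

Building merged results from `Object.create(null)` objects, or freezing `Object.prototype` at startup, are additional defence-in-depth options; the key check above is the minimal fix.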
NVD
Added 2025/12/12 8:15 a.m.

CVE-2025-67730

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

CVSS 5.4 | EPSS 0.00144
Exploits: 0 | References: 2
EUVD
Added 2025/12/12 6:34 a.m.

EUVD-2025-203045

Malicious code in cos-js-sdk-v6 npm...

AI score 6.6
Exploits: 0 | References: 1
EUVD
Added 2025/12/12 6:31 a.m.

EUVD-2025-203016

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 6.4 | AI score 5.1 | EPSS 0.00209
Exploits: 0 | References: 4
NVD
Added 2025/12/12 4:15 a.m.

CVE-2025-13866

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 6.4 | EPSS 0.00209
Exploits: 0 | References: 3
Cvelist
Added 2025/12/12 3:20 a.m.

CVE-2025-13866 Flow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX action

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 6.4 | EPSS 0.00209
Exploits: 0 | References: 3
RedhatCVE
Added 2025/12/12 1:06 a.m.

CVE-2025-55307

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...

CVSS 3.3 | AI score 6.3 | EPSS 0.00147
Exploits: 0 | References: 1
RedhatCVE
Added 2025/12/12 1:06 a.m.

CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

CVSS 7.8 | AI score 7.5 | EPSS 0.00126
Exploits: 0 | References: 1
RedhatCVE
Added 2025/12/12 1:06 a.m.

CVE-2025-55314

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

CVSS 7.8 | AI score 7.4 | EPSS 0.00169
Exploits: 0 | References: 1
RedhatCVE
Added 2025/12/12 1:06 a.m.

CVE-2025-55311

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

CVSS 6.5 | AI score 6.8 | EPSS 0.0017
Exploits: 0 | References: 1
EUVD
Added 2025/12/12 12:30 a.m.

EUVD-2024-55328

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVSS 7.5 | AI score 6.1 | EPSS 0.00415
Exploits: 0 | References: 4
EUVD
Added 2025/12/12 12:30 a.m.

EUVD-2024-55339

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

CVSS 5.3 | AI score 5.2 | EPSS 0.0036
Exploits: 0 | References: 4
EUVD
Added 2025/12/12 12:30 a.m.

EUVD-2024-55334

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

CVSS 5.3 | AI score 5.8 | EPSS 0.0021
Exploits: 1 | References: 5