Lucene search
K

59137 matches found

GithubExploit
GithubExploit
added 2025/12/04 1:7 p.m.178 views

Exploit for CVE-2025-55182

CVE-2025-55182 some notes template: py !/usr/bin/env py...

10CVSS6.8AI score0.99562EPSS
Exploits372
Veracode
Veracode
added 2025/12/04 5:58 a.m.6 views

Cross-site Scripting

webreinvent/vaahcms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization in the storeAvatar upload method of UserBase.php, where crafted input can be stored and later executed in a user’s browser, allowing a remote attacker to run arbitrary JavaScript code...

6.1CVSS7.1AI score0.00273EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.4 views

PT-2025-49130

WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks...

5.3CVSS6AI score0.00347EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.4 views

PT-2025-49098

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

5.9AI score0.00186EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-66453

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker...

7.5CVSS7.2AI score0.00231EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.3 views

Seafile Community Edition 安全漏洞

Seafile Community Edition is a document collaboration platform from China's Haiwen Huzhi Seafile Company. A security vulnerability exists in Seafile Community Edition versions prior to 13.0.12, which stems from a stored cross-site scripting attack that could lead to malicious JavaScript execution...

6.1CVSS5.9AI score0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.3 views

Syslifters Sysreptor 跨站脚本漏洞

Syslifters Sysreptor is a penetration test reporting platform from Syslifters, Inc. A cross-site scripting vulnerability exists in Syslifters Sysreptor versions prior to 2025.102, which originates from an authenticated user being able to perform a stored cross-site scripting attack by uploading a...

7.3CVSS5.8AI score0.00157EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.3 views

Monkeytype 跨站脚本漏洞

Monkeytype is a minimalist and customizable typing test open-sourced by Monkeytype. A cross-site scripting vulnerability exists in Monkeytype version 25.49.0 and earlier, which stems from mishandling of user input and could lead to the execution of malicious JavaScript when viewing maliciously...

7.1CVSS6.1AI score0.00196EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.5 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A cross-site scripting vulnerability exists in versions of Open WebUI prior to 0.6.37 that stems from a stored cross-site scripting attack that could lead to arbitrary JavaScript execution and...

8.7CVSS5.8AI score0.00193EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.6 views

PT-2025-49146

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.37 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A Stored Cross-Site Scripting XSS issue was identified in the Notes PDF download functionality. ...

8.7CVSS5.7AI score0.00193EPSS
Exploits1References12
OPENSUSE Linux
OPENSUSE Linux
added 2025/12/04 12:0 a.m.3 views

Security update for mozjs128 (important)

openSUSE security update: security update for mozjs128 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20135-1 Rating: important References: bsc1248162 Cross-References: CVE-2025-5263 CVE-2025-5264 CVE-2025-5265 CVE-2025-5266 CVE-2025-5267...

8.8CVSS7AI score0.03057EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.4 views

PT-2025-49172

Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2025.102 Description A Stored Cross-Site Scripting XSS issue exists in SysReptor, a customizable pentest reporting platform. Authenticated users can execute malicious JavaScript code within the context of other...

7.3CVSS5.5AI score0.00157EPSS
Exploits0References9
OSV
OSV
added 2025/12/03 8:41 p.m.3 views

OPENSUSE-SU-2025-20135-1 Security update for mozjs128

This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...

9.8CVSS7.6AI score0.03057EPSS
Exploits0References27
OSV
OSV
added 2025/12/03 8:38 p.m.4 views

SUSE-SU-2025:21170-1 Security update for mozjs128

This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...

9.8CVSS6.4AI score0.03057EPSS
Exploits0References28
OSV
OSV
added 2025/12/03 8:16 p.m.7 views

AZL-71503 CVE-2025-66453 affecting package rhino 1.7.7.1-2

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

7.5CVSS7.2AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/03 7:31 p.m.1 views

CVE-2025-66453 Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

6.9CVSS6.3AI score0.00231EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/12/03 7:31 p.m.4 views

CVE-2025-66453

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

7.5CVSS7.6AI score0.00231EPSS
Exploits0
EUVD
EUVD
added 2025/12/03 6:34 p.m.5 views

EUVD-2025-201091

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

9.6CVSS5.2AI score0.00509EPSS
Exploits1References2
OSV
OSV
added 2025/12/03 5:15 p.m.5 views

CVE-2025-20385

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

4.8CVSS5.9AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2025/12/03 5:15 p.m.4 views

CVE-2025-20385

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

4.8CVSS0.00232EPSS
Exploits0References1
Rows per page
Query Builder