Lucene search
K

59143 matches found

Vulnrichment
Vulnrichment
added 2025/12/03 7:31 p.m.1 views

CVE-2025-66453 Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

6.9CVSS6.3AI score0.00231EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/12/03 7:31 p.m.4 views

CVE-2025-66453

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

7.5CVSS7.6AI score0.00231EPSS
Exploits0
EUVD
EUVD
added 2025/12/03 6:34 p.m.5 views

EUVD-2025-201091

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

9.6CVSS5.2AI score0.00509EPSS
Exploits1References2
NVD
NVD
added 2025/12/03 5:15 p.m.4 views

CVE-2025-20385

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

4.8CVSS0.00232EPSS
Exploits0References1
OSV
OSV
added 2025/12/03 5:15 p.m.5 views

CVE-2025-20385

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

4.8CVSS5.9AI score0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/03 5:0 p.m.3 views

CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

2.4CVSS6.6AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48957

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117 Description A user with the admin all objects privilege capability could potentially execut...

4.8CVSS6.7AI score0.00232EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.4 views

Splunk Cloud Platform和Splunk Enterprise 跨站脚本漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A cross-site scripting vulnerability exists in...

4.8CVSS6AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-54573

Name of the Vulnerable Software and Affected Versions Google Chrome affected versions not specified Description A flaw exists in the JavaScript engine V8 used by the Google Chrome browser. This issue relates to incorrect security checks during the processing of standard elements. Successful...

10CVSS5.4AI score0.00323EPSS
Exploits0References18
OpenVAS
OpenVAS
added 2025/12/03 12:0 a.m.10 views

Sulu XSS Vulnerability (GHSA-255w-87rh-rg44)

Sulu is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sulu:sulu"; if...

5.4CVSS6.3AI score0.00353EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.4 views

RHEL 9 : firefox (RHSA-2025:22375)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22375 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

8.8CVSS6.2AI score0.0041EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.3 views

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1204)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1204 advisory. - In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6,...

4.8CVSS6.2AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/02 9:31 p.m.5 views

EUVD-2025-200303

Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS6.5AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/02 9:31 p.m.5 views

EUVD-2025-200309

Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.5AI score0.00386EPSS
Exploits0References3
NVD
NVD
added 2025/12/02 7:15 p.m.4 views

CVE-2025-66468

The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Polic...

7.6CVSS0.00238EPSS
Exploits0References2
OSV
OSV
added 2025/12/02 7:15 p.m.2 views

CVE-2025-13721

Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2025/12/02 7:15 p.m.3 views

CVE-2025-13630

Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2025/12/02 7:0 p.m.27 views

CVE-2025-13721

CVE-2025-13721 describes a race in V8 within Google Chrome prior to 143.0.7499.41 that could enable a remote attacker to trigger heap corruption via a specially crafted HTML page. Affected software is Google Chrome (V8 engine); the vulnerability stems from a race condition in V8. Reported impact ...

7.5CVSS6.6AI score0.00187EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/12/02 7:0 p.m.47 views

CVE-2025-13630

CVE-2025-13630 is a Type Confusion in V8 in Google Chrome that could enable remote heap corruption via a crafted HTML page. Affected product is Chromium/Chrome (V8 engine); the issue is fixed in a Chrome/Chromium update ≥ 143.0.7499.41 (ChromeOS notes show related patching in the 143.0.7499.x fam...

8.8CVSS6.6AI score0.00386EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/02 6:30 p.m.3 views

CVE-2025-66458 Lookyloo has multiple XSS due to unsafe use of f-strings in Markup

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...

5.3CVSS6AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder