
59143 matches found

CNNVD
added 2025/12/02 12:0 a.m. | 5 views

Calibre-Web Security Vulnerability

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database by Jan B Individual Developer. A security vulnerability exists in Calibre-Web version v0.6.25, which stems from malicious JavaScript not being filtered in the username field during user creatio...

CVSS 3.5 | AI score 5.7 | EPSS 0.00174
Exploits: 1 | References: 1

CNNVD
added 2025/12/02 12:0 a.m. | 6 views

EverShop Security Vulnerability

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop version 2.0.1 that originates from an unauthenticated user being able to upload files and create directories in the /api/images endpoint...

CVSS 7.5 | AI score 6.8 | EPSS 0.00339
Exploits: 1 | References: 2

Tenable Nessus
added 2025/12/02 12:0 a.m. | 3 views

Google Chrome < 143.0.7499.40 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 143.0.7499.40. It is, therefore, affected by multiple vulnerabilities as referenced in the 202512stable-channel-update-for-desktop advisory. - Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41...

CVSS 8.8 | AI score 6.1 | EPSS 0.00393
Exploits: 0 | References: 27

NVD
added 2025/12/01 11:15 p.m. | 10 views

CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the...

CVSS 8.5 | EPSS 0.00377
Exploits: 1 | References: 4

OSV
added 2025/12/01 11:15 p.m. | 2 views

UBUNTU-CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the...

CVSS 8.5 | AI score 6.5 | EPSS 0.00377
Exploits: 1 | References: 4

OSV
added 2025/12/01 10:35 p.m. | 9 views

CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the...

CVSS 8.5 | AI score 5.7 | EPSS 0.00377
Exploits: 1 | References: 4

CVE
added 2025/12/01 10:35 p.m. | 109 views

CVE-2025-66412

CVE-2025-66412 concerns Angular’s Template Compiler, where a stored XSS could occur due to an incomplete security schema that fails to classify certain URL-holding attributes (e.g., javascript: URLs) as requiring strict URL security. The vulnerability allows injection of malicious scripts and is ...

CVSS 8.5 | AI score 5.3 | EPSS 0.00377
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2025/12/01 10:35 p.m. | 9 views

CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the...

CVSS 8.5 | AI score 6.9 | EPSS 0.00377
Exploits: 1

OSV
added 2025/12/01 10:15 p.m. | 5 views

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

CVSS 5.4 | AI score 5.8 | EPSS 0.0017
Exploits: 1 | References: 2

GithubExploit
added 2025/12/01 10:8 p.m. | 189 views

NoSQL-Injection-2025

NoSQL-Injection-2025: NoSQL Injection exploitation toolkit &...

AI score 8.3
Exploits: 0

EUVD
added 2025/12/01 9:30 p.m. | 6 views

EUVD-2025-200090

Todoist v8896 is vulnerable to Cross-Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment...

AI score 5.6 | EPSS 0.00182
Exploits: 1 | References: 2

RedHat Linux
added 2025/12/01 6:58 p.m. | 5 views

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

CVSS 7.5 | AI score 6 | EPSS 0.0041
Exploits: 0 | References: 5

RedHat Linux
added 2025/12/01 6:54 p.m. | 5 views

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

CVSS 7.5 | AI score 6 | EPSS 0.0041
Exploits: 0 | References: 5

OSV
added 2025/12/01 4:15 p.m. | 3 views

CVE-2025-63534

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the msg and...

CVSS 5.4 | AI score 5.7 | EPSS 0.00186
Exploits: 0 | References: 3

Snyk
added 2025/12/01 3:39 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the id parameter in the User Update function. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious input...

CVSS 6.1 | AI score 5.4 | EPSS 0.00205
Exploits: 1 | References: 2

OSV
added 2025/12/01 3:15 p.m. | 4 views

CVE-2025-63528

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the erro...

CVSS 5.4 | AI score 5.7 | EPSS 0.0028
Exploits: 1 | References: 3

OSV
added 2025/12/01 3:15 p.m. | 3 views

CVE-2025-63527

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript...

CVSS 5.4 | AI score 5.7 | EPSS 0.0028
Exploits: 1 | References: 3

OSV
added 2025/12/01 9:8 a.m. | 6 views

RLSA-2025:22363 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary...

CVSS 7.5 | AI score 6.7 | EPSS 0.0041
Exploits: 0 | References: 10

RedHat Linux
added 2025/12/01 2:53 a.m. | 5 views

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

CVSS 7.5 | AI score 6 | EPSS 0.0041
Exploits: 0 | References: 5

RedHat Linux
added 2025/12/01 2:46 a.m. | 4 views

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

CVSS 7.5 | AI score 6 | EPSS 0.0041
Exploits: 0 | References: 5