59143 matches found

Source: RedhatCVE
Added 2025/11/27 6:02 p.m., 5 views

CVE-2025-64130

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...

CVSS 9.8 | AI score 6.6 | EPSS 0.00865
Exploits: 0 | References: 1
Source: RedhatCVE
Added 2025/11/27 4:59 p.m., 4 views

CVE-2025-66026

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the Mediapool view, where the request parameter argstypes is rendered into an info banner without HTML-escaping. This allows arbitrary JavaScript execution in the backend context when a...

CVSS 6.1 | AI score 5.6 | EPSS 0.00228
Exploits: 1 | References: 1
Source: EUVD
Added 2025/11/27 12:30 p.m., 8 views

EUVD-2025-199820

In Apache CloudStack, an improper control of generation of code ('Code Injection') vulnerability is found in the following APIs, which are accessible only to admins: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, updateStorage. This issue...

AI score 6.9 | EPSS 0.00398
Exploits: 0 | References: 3
Source: OSV
Added 2025/11/27 12:15 p.m., 7 views

CVE-2025-59302

In Apache CloudStack, an improper control of generation of code ('Code Injection') vulnerability is found in the following APIs, which are accessible only to admins: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, updateStorage. This issue...

CVSS 4.7 | AI score 7.4
Exploits: 0 | References: 2
Source: Cvelist
Added 2025/11/27 11:46 a.m., 10 views

CVE-2025-59302 Apache CloudStack: Potential remote code execution on Javascript engine defined rules

In Apache CloudStack, an improper control of generation of code ('Code Injection') vulnerability is found in the following APIs, which are accessible only to admins: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, updateStorage. This issue...

EPSS 0.00398
Exploits: 0 | References: 1
Source: Vulnrichment
Added 2025/11/27 11:46 a.m., 3 views

CVE-2025-59302 Apache CloudStack: Potential remote code execution on Javascript engine defined rules

In Apache CloudStack, an improper control of generation of code ('Code Injection') vulnerability is found in the following APIs, which are accessible only to admins: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, updateStorage. This issue...

AI score 7 | EPSS 0.00398
Exploits: 0 | References: 1
Source: CVE
Added 2025/11/27 11:46 a.m., 27 views

CVE-2025-59302

CVE-2025-59302 concerns Apache CloudStack where code injection is possible via admin-only APIs: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, and updateStorage. The issue arises from improper control of code generation. A fix fla...

CVSS 4.7 | AI score 7 | EPSS 0.00398
Exploits: 0 | References: 2 | Affected software: 1
Source: Veracode
Added 2025/11/27 8:23 a.m., 5 views

Remote Code Execution (RCE)

Happy DOM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of a non-isolated Node.js VM context with JavaScript evaluation enabled by default, which allows an attacker to run untrusted code that can escape the sandbox, potentially gaining access to process-level...

CVSS 7.2 | AI score 7.3 | EPSS 0.00599
Exploits: 0 | References: 5 | Affected software: 2
Source: OSV
Added 2025/11/27 6:50 a.m., 18 views

MAL-2025-191478 Malicious code in bitcoin-lib-js (npm)

Per source details. Source: amazon-inspector (480dbd7d7ec801a0212ee78ebb73268cd67ba4fb96b06ec563fbafe31aa10531): The package bitcoin-lib-js was found to contain malicious code. Source: ghsa-malware (95f79207062e8c5db317d3487c20f36927b99e9f0b9bfc2551c22a23d10c020f)...

AI score 6.8
Exploits: 0 | References: 1
Source: EUVD
Added 2025/11/27 6:50 a.m., 6 views

EUVD-2025-199807

Malicious code in bitcoin-lib-js (npm)...

AI score 6.6
Exploits: 0 | References: 1
Source: RedhatCVE
Added 2025/11/27 12:58 a.m., 12 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00164
Exploits: 1 | References: 1
Source: OSV
Added 2025/11/27 12:15 a.m., 2 views

UBUNTU-CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 5
Source: Snyk
Added 2025/11/27 12:02 a.m., 1 view

Cross-site Scripting (XSS)

Overview: spotipy is a lightweight Python library for the Spotify Web API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the RequestHandler.doGET function, due to the error parameter in the OAuth callback server. An attacker can execute arbitrary JavaScript in...

CVSS 4.1 | AI score 5.6 | EPSS 0.00138
Exploits: 0 | References: 2
Source: Positive Technologies
Added 2025/11/27 12:00 a.m., 6 views

PT-2025-48264

Name of the vulnerable software and affected versions: Apache CloudStack versions 4.18.0 through 4.20.1; Apache CloudStack versions 4.21.0 through 4.21.9. Description: An improper control of code generation ('Code Injection') issue exists in Apache CloudStack, specifically within several APIs accessibl...

CVSS 4.7 | AI score 7.3 | EPSS 0.00398
Exploits: 0 | References: 9
Source: Cvelist
Added 2025/11/26 11:14 p.m., 12 views

CVE-2025-66040 Spotipy has an XSS vulnerability in OAuth callback server

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | EPSS 0.00138
Exploits: 0 | References: 2
Source: Debian CVE
Added 2025/11/26 11:14 p.m., 4 views

CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 5.4 | EPSS 0.00138
Exploits: 0
Source: Cvelist
Added 2025/11/26 7:46 p.m., 7 views

CVE-2025-12571 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON...

CVSS 7.5 | EPSS 0.00443
Exploits: 0 | References: 3
Source: NVD
Added 2025/11/26 6:15 p.m., 10 views

CVE-2025-64130

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...

CVSS 9.8 | EPSS 0.00865
Exploits: 0 | References: 3
Source: CVE
Added 2025/11/26 5:55 p.m., 11 views

CVE-2025-64130

Zenitel TCIV-3+ is affected by a reflected cross-site scripting vulnerability that could allow a remote attacker to run arbitrary JavaScript in a victim’s browser. The issue is described across multiple sources (NVD/Red Hat/EUVD/CVELIST/CISA) as a reflected XSS affecting the device, with the vuln...

CVSS 9.8 | AI score 6.3 | EPSS 0.00865
Exploits: 0 | References: 3
Source: Vulnrichment
Added 2025/11/26 5:55 p.m., 3 views

CVE-2025-64130 Zenitel TCIV-3+ Cross-site Scripting

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...

CVSS 9.8 | AI score 6.3 | EPSS 0.00865
Exploits: 0 | References: 3