59088 matches found
EUVD-2025-205693
ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks...
[SECURITY] Fedora 42 Update: golang-github-evanw-esbuild-0.24.2-4.fc42
This is a JavaScript bundler and minifier. It packages up JavaScript and TypeScript code for distribution on the web...
[SECURITY] Fedora 43 Update: golang-github-evanw-esbuild-0.24.2-6.fc43
This is a JavaScript bundler and minifier. It packages up JavaScript and TypeScript code for distribution on the web...
1k-utils (>=2.1.0 <=2.2.3), 22ndtech-angular-lib (>=0.0.7 <=0.0.57) +8928 more potentially affected by CVE-2025-15284 via qs (>=6.0.0 <=6.14.0)
qs NPM version =6.0.0, =2.1.0, =0.0.7, =0.2.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1-beta.1, =1.7.1-next.1, =0.0.1-alpha.3, =0.0.1-alpha.9, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.1-alpha.2 and more. Source CVEs: CVE-2025-15284. Source advisory: SNYK:JS-QS-14724253...
Security Bulletin: Vulnerability in validator.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in validator.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732.
Summary: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty, which could provide weaker than expected security due to crypto.js and is vulnerable to CVE-2020-36732. This bulletin contains information addressing the vulnerability. Vulnerability Details...
novel security vulnerability
novel is an open source novel system by xxyopen. A security vulnerability exists in novel version V3.5.0, which stems from insufficient validation and encoding of user-controllable data, and may result in the execution of arbitrary JavaScript code or the disclosure of sensitive...
PT-2025-135: Local File Read in mPDF
The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research. Date of vulnerability discovery: 11.04.2025...
GHSA-6VJ3-P34W-XXJP apidoc-core has a prototype pollution vulnerability
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...
Gitea vulnerable to Cross-site Scripting
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when handling URLs in links, where schemes such as javascript, vbscript and data can be used. An attacker can execute arbitrary scripts in the context of the user's browser by enticing a user to click on a craft...
GHSA-HQ57-C72X-4774 Gitea vulnerable to Cross-site Scripting
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
CVE-2025-68946
CVE-2025-68946 affects Gitea releases before 1.20.1, where a link can specify a forbidden URL scheme (e.g., javascript:) enabling XSS. The issue is fixed by upgrading to Gitea 1.20.1 or later (patch/markup module remediation noted in the linked advisories/releases). Practical impact is Cross‑Site...
EUVD-2025-205421
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
PT-2025-53606
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.0.0. Description: n8n is a workflow automation platform. In self-hosted instances before version 2.0.0, when the Code node operates in legacy JavaScript execution mode, authenticated users with workflow editing permission...