59108 matches found

Redos
added 2025/12/17 12:00 a.m., 6 views

ROS-20251217-7312

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

CVSS 8.8, AI score 7.5, EPSS 0.04835
Exploits: 1
Redos
added 2025/12/17 12:00 a.m., 5 views

ROS-20251217-7317

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...

CVSS 8.8, AI score 6.4, EPSS 0.00219
Exploits: 0
Redos
added 2025/12/17 12:00 a.m., 8 views

ROS-20251217-7315

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...

CVSS 8.8, AI score 6.4, EPSS 0.00219
Exploits: 0
Redos
added 2025/12/17 12:00 a.m., 5 views

ROS-20251217-7318

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...

CVSS 8.8, AI score 6.4, EPSS 0.00219
Exploits: 0
Vulnrichment
added 2025/12/16 10:54 p.m., 4 views

CVE-2025-14766

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 6.7, EPSS 0.0281
Exploits: 0, References: 2
RedhatCVE
added 2025/12/16 8:44 p.m., 4 views

CVE-2023-53884

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is...

CVSS 5.4, AI score 6.4, EPSS 0.0023
Exploits: 1, References: 1
RedhatCVE
added 2025/12/16 8:44 p.m., 4 views

CVE-2023-53891

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...

CVSS 5.4, AI score 6, EPSS 0.00205
Exploits: 1, References: 1
RedhatCVE
added 2025/12/16 8:44 p.m., 5 views

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in the victim's browser...

CVSS 5.4, AI score 6.5, EPSS 0.00205
Exploits: 1, References: 1
RedhatCVE
added 2025/12/16 8:44 p.m., 7 views

CVE-2023-53888

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and...

CVSS 8.8, AI score 8.5, EPSS 0.00824
Exploits: 1, References: 1
NVD
added 2025/12/16 5:16 p.m., 3 views

CVE-2023-53903

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

CVSS 5.4, EPSS 0.00201
Exploits: 1, References: 3
OSV
added 2025/12/16 5:16 p.m., 3 views

CVE-2023-53903

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

CVSS 5.1, AI score 5.8, EPSS 0.00201
Exploits: 1, References: 3
OSV
added 2025/12/16 5:16 p.m., 7 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.3, AI score 6.6
Exploits: 0, References: 4
NVD
added 2025/12/16 5:16 p.m., 10 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.8, EPSS 0.00567
Exploits: 1, References: 4
Cvelist
added 2025/12/16 5:06 p.m., 31 views

CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

CVSS 9.8, EPSS 0.00567
Exploits: 1, References: 4
EUVD
added 2025/12/16 5:03 p.m., 5 views

EUVD-2023-60187

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

CVSS 5.4, AI score 5.7, EPSS 0.00201
Exploits: 1, References: 4
EUVD
added 2025/12/16 5:03 p.m., 5 views

EUVD-2023-60192

Rukovoditel 3.4.1 contains stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers...

CVSS 5.1, AI score 5.9, EPSS 0.00205
Exploits: 1, References: 4
hivepro
added 2025/12/16 2:00 p.m., 9 views

IE Mode: A Window to the Web – or to Attackers?

Recently, Internet Explorer IE Mode has been weaponized by threat actors through multiple zero-day...

CVSS 7.5, AI score 8, EPSS 0.84345
Exploits: 7
RedhatCVE
added 2025/12/16 6:56 a.m., 7 views

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

CVSS 4.3, AI score 6.9, EPSS 0.00177
Exploits: 0, References: 1
Positive Technologies
added 2025/12/16 12:00 a.m., 3 views

PT-2025-51751

Name of the Vulnerable Software and Affected Versions: WebsiteBaker version 2.13.3. Description: WebsiteBaker version 2.13.3 has a stored cross-site scripting issue. Authenticated users can upload malicious SVG files containing JavaScript. Uploading crafted SVG files with script tags allows for...

CVSS 5.4, AI score 5.7, EPSS 0.00201
Exploits: 1, References: 8
CNNVD
added 2025/12/16 12:00 a.m., 4 views

PimpMyLog Security Vulnerability

PimpMyLog is an open source log file viewer and analysis tool from Potsky, France. A security vulnerability exists in PimpMyLog version 1.7.14, which stems from improper access control and could allow a remote attacker to create an administrator account and inject malicious JavaScript...

CVSS 9.8, AI score 6.6, EPSS 0.00567
Exploits: 1, References: 4