Lucene search
K

59108 matches found

Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.9 views

PT-2025-51743

Name of the Vulnerable Software and Affected Versions PimpMyLog version 1.7.14 Description The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...

9.8CVSS6.4AI score0.00567EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.3 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 143.0.7499.147, which stems from V8 out-of-bounds reads and writes that could lead to heap corruption...

8.8CVSS6.1AI score0.0281EPSS
Exploits0References3
Redos
Redos
added 2025/12/16 12:0 a.m.5 views

ROS-20251216-7368

A vulnerability in the V8 JavaScript script handler of Google Chrome and Microsoft Edge browsers is related to reading data outside the buffer boundaries in memory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

4.3CVSS6.8AI score0.00176EPSS
Exploits0
Redos
Redos
added 2025/12/16 12:0 a.m.4 views

ROS-20251216-7359

A vulnerability in the V8 JavaScript script handler of Google Chrome and Microsoft Edge browsers is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

8.8CVSS7.5AI score0.00207EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.2 views

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2025:4397-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4397-1 advisory. Update to Mozilla Thunderbird 140.6 bsc1254551. - MFSA 2025-96 CVE-2025-14321: use-after-free in...

9.8CVSS7AI score0.00498EPSS
Exploits2References22
Snyk
Snyk
added 2025/12/15 9:44 p.m.3 views

Cross-site Scripting (XSS)

Overview org.lucee:core is a coer build of Lucee Affected versions of this package are vulnerable to Cross-site Scripting XSS via the admin interface parameters. An attacker can execute arbitrary JavaScript in a victim's browser session by injecting malicious scripts through crafted requests to...

4.8CVSS5.4AI score0.00311EPSS
Exploits0References2
NVD
NVD
added 2025/12/15 9:15 p.m.6 views

CVE-2023-53890

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

5.4CVSS0.00198EPSS
Exploits1References3
OSV
OSV
added 2025/12/15 9:15 p.m.5 views

CVE-2023-53891

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...

5.4CVSS6AI score
Exploits0References3
OSV
OSV
added 2025/12/15 9:15 p.m.4 views

CVE-2023-53890

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

5.4CVSS5.7AI score0.00198EPSS
Exploits1References3
NVD
NVD
added 2025/12/15 9:15 p.m.4 views

CVE-2023-53888

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

8.8CVSS0.00824EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.2 views

CVE-2023-53890 Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

5.1CVSS5.7AI score0.00198EPSS
Exploits1References3
CVE
CVE
added 2025/12/15 8:28 p.m.13 views

CVE-2023-53890

CVE-2023-53890 is associated with Perch CMS 3.2 and involves a stored cross-site scripting vulnerability where authenticated users can upload SVG files containing embedded JavaScript. The underlying issue is that crafted SVGs with script tags can execute when viewed, enabling client-side attacks ...

5.4CVSS5.7AI score0.00198EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.4 views

CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

8.6CVSS6.5AI score0.00824EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/15 8:28 p.m.25 views

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.1CVSS0.00205EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.4 views

CVE-2023-53882 JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter

JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...

5.1CVSS5.7AI score0.00327EPSS
Exploits0References3
Mageia
Mageia
added 2025/12/15 8:6 p.m.7 views

Updated nspr, nss & firefox packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 JIT miscompilation in the JavaScript Engine: JIT...

9.8CVSS7.8AI score0.00498EPSS
Exploits2References9
Mageia
Mageia
added 2025/12/15 8:6 p.m.7 views

Updated thunderbird packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 IT miscompilation in the JavaScript Engine: JIT...

9.8CVSS7.8AI score0.00498EPSS
Exploits2References3
OSV
OSV
added 2025/12/15 8:6 p.m.3 views

MGASA-2025-0329 Updated thunderbird packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 IT miscompilation in the JavaScript Engine: JIT...

9.8CVSS7.6AI score0.00498EPSS
Exploits2References4
OSV
OSV
added 2025/12/15 8:6 p.m.8 views

MGASA-2025-0328 Updated nspr, nss & firefox packages fix security vulnerabilities

Use-after-free in the WebRTC: Signaling component. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2025-14322 Privilege escalation in the DOM: Notifications component. CVE-2025-14323 JIT miscompilation in the JavaScript Engine: JIT...

9.8CVSS7.6AI score0.00498EPSS
Exploits2References10
The Hacker News
The Hacker News
added 2025/12/15 5:46 p.m.12 views

Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats

A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence AI-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and...

6.5AI score
Exploits0
Rows per page
Query Builder