Lucene search
K

59124 matches found

EUVD
EUVD
added 2025/12/12 8:14 p.m.3 views

EUVD-2025-203110

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

8.4CVSS6.6AI score0.00166EPSS
Exploits0References5
OSV
OSV
added 2025/12/12 8:14 p.m.5 views

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

8.4CVSS7AI score0.00166EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/12 7:48 p.m.7 views

CVE-2025-67734 Frappe Authenticated Users can Execute JavaScript through its Job Form

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...

5.1CVSS5.5AI score0.00138EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 7:48 p.m.5 views

CVE-2025-67734 Frappe Authenticated Users can Execute JavaScript through its Job Form

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...

5.1CVSS5.9AI score0.00138EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/12 7:45 p.m.5 views

Prototype Pollution

Overview org.webjars.npm:vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript...

8.8CVSS6.7AI score0.00281EPSS
Exploits0References2
NVD
NVD
added 2025/12/12 8:15 a.m.5 views

CVE-2025-67730

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

5.4CVSS0.00144EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/12 6:34 a.m.5 views

EUVD-2025-203045

Malicious code in cos-js-sdk-v6 npm...

6.6AI score
Exploits0References1
EUVD
EUVD
added 2025/12/12 6:31 a.m.4 views

EUVD-2025-203016

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

6.4CVSS5.1AI score0.00209EPSS
Exploits0References4
NVD
NVD
added 2025/12/12 4:15 a.m.11 views

CVE-2025-13866

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

6.4CVSS0.00209EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.26 views

CVE-2025-13866 Flow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX action

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flowflowsocialauth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

6.4CVSS0.00209EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.6 views

CVE-2025-55307

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter e.g., "/" may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...

3.3CVSS6.3AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.7 views

CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

7.8CVSS7.5AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.4 views

CVE-2025-55314

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

7.8CVSS7.4AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.4 views

CVE-2025-55311

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

6.5CVSS6.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 12:30 a.m.5 views

EUVD-2024-55328

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

7.5CVSS6.1AI score0.00415EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 12:30 a.m.5 views

EUVD-2024-55339

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

5.3CVSS5.2AI score0.0036EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 12:30 a.m.4 views

EUVD-2024-55334

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

5.3CVSS5.8AI score0.0021EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2025/12/12 12:25 a.m.5 views

SUSE CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

9.6CVSS6.8AI score0.00438EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.8 views

PT-2025-50979

Name of the Vulnerable Software and Affected Versions CISA Software Acquisition Guide Supplier Response Web Tool versions prior to 2025-12-11 Description The CISA Software Acquisition Guide Supplier Response Web Tool was susceptible to cross-site scripting through text fields. An attacker could...

6.1CVSS6AI score0.00159EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/12/12 12:0 a.m.4 views

AlmaLinux 10 : firefox (ALSA-2025:23035)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:23035 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-free in...

9.8CVSS8.7AI score0.00498EPSS
Exploits2References12
Rows per page
Query Builder