
RedhatCVE
added 2025/12/12 1:06 a.m.

CVE-2025-55307

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...

CVSS 3.3, AI score 6.3, EPSS 0.00147
Exploits 0, References 1
RedhatCVE
added 2025/12/12 1:06 a.m.

CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

CVSS 7.8, AI score 7.5, EPSS 0.00126
Exploits 0, References 1
RedhatCVE
added 2025/12/12 1:06 a.m.

CVE-2025-55314

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing...

CVSS 7.8, AI score 7.4, EPSS 0.00169
Exploits 0, References 1
RedhatCVE
added 2025/12/12 1:06 a.m.

CVE-2025-55311

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

CVSS 6.5, AI score 6.8, EPSS 0.0017
Exploits 0, References 1
EUVD
added 2025/12/12 12:30 a.m.

EUVD-2024-55328

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVSS 7.5, AI score 6.1, EPSS 0.00415
Exploits 0, References 4
EUVD
added 2025/12/12 12:30 a.m.

EUVD-2024-55339

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

CVSS 5.3, AI score 5.2, EPSS 0.0036
Exploits 0, References 4
EUVD
added 2025/12/12 12:30 a.m.

EUVD-2024-55334

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

CVSS 5.3, AI score 5.8, EPSS 0.0021
Exploits 1, References 5
SUSE CVE
added 2025/12/12 12:25 a.m.

SUSE CVE-2025-65026

esm.sh is a no-build content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

CVSS 9.6, AI score 6.8, EPSS 0.00438
Exploits 1, References 2
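The entry above describes a template literal injection in a CSS-to-JavaScript conversion step. The following is an added example, not esm.sh's code; it assumes the converter's shape (wrapping the CSS text in a JS template literal) and uses a constructed stylesheet whose embedded `${...}` sets a global as a visible stand-in for arbitrary code. The hardened form serializes the CSS with `JSON.stringify`, and `evaluateModule` stands in for the importing browser or bundler:

```javascript
// Added illustration of CWE-94 template literal injection in a CSS-to-JS
// module converter. This is NOT esm.sh's code; the converter shape is assumed.

// Vulnerable shape: CSS text is spliced verbatim into a JS template literal.
// Any "${...}" in the CSS becomes an expression the consumer evaluates.
function cssToModuleUnsafe(css) {
  return "const css = `" + css + "`;\nexport default css;";
}

// Hardened shape: JSON.stringify emits a double-quoted JS string literal with
// quotes, backslashes and control characters escaped; "${" and backticks are
// inert inside it, so the CSS survives as data only.
function cssToModuleSafe(css) {
  return "const css = " + JSON.stringify(css) + ";\nexport default css;";
}

// Optional second line of defence: flag CSS that carries template syntax.
// Legitimate stylesheets have no use for "${" or a backtick.
function cssLooksLikeTemplateInjection(css) {
  return /\$\{|`/.test(css);
}

// Harness standing in for the importing browser/bundler: evaluates the
// generated module body and returns the CSS string it would export. The
// "export default" line is rewritten to "return" so new Function() can run it.
function evaluateModule(moduleSource) {
  const body = moduleSource.replace("export default css;", "return css;");
  return new Function(body)();
}

// Constructed sample: a stylesheet with an embedded template expression that
// sets a global as a visible side effect (stand-in for arbitrary JS).
const craftedCss = 'body{color:red}${(globalThis.esmInjected="yes","")}';

function demoTemplateInjection() {
  delete globalThis.esmInjected;
  const unsafeResult = evaluateModule(cssToModuleUnsafe(craftedCss));
  const unsafeSideEffect = globalThis.esmInjected; // "yes": injected code ran
  delete globalThis.esmInjected;
  const safeResult = evaluateModule(cssToModuleSafe(craftedCss));
  const safeSideEffect = globalThis.esmInjected;   // undefined: nothing ran
  return { unsafeResult, unsafeSideEffect, safeResult, safeSideEffect };
}
```

With the unsafe converter the exported CSS silently loses the injected expression (it evaluates to an empty string) while the side effect fires in the importer's context; with the safe converter the exported string is byte-for-byte the original CSS. Escaping only backticks is not enough, since `${` still opens an expression; serializing to a quoted string literal removes the template context altogether.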
Positive Technologies
added 2025/12/12 12:00 a.m.

PT-2025-50979

Name of the Vulnerable Software and Affected Versions: CISA Software Acquisition Guide Supplier Response Web Tool versions prior to 2025-12-11. Description: The CISA Software Acquisition Guide Supplier Response Web Tool was susceptible to cross-site scripting through text fields. An attacker could...

CVSS 6.1, AI score 6, EPSS 0.00159
Exploits 0, References 8
Tenable Nessus
added 2025/12/12 12:00 a.m.

AlmaLinux 10 : firefox (ALSA-2025:23035)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:23035 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 (CVE-2025-14333). firefox: Use-after-free in...

CVSS 9.8, AI score 8.7, EPSS 0.00498
Exploits 2, References 12
Tenable Nessus
added 2025/12/12 12:00 a.m.

AlmaLinux 9 : firefox (ALSA-2025:23034)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23034 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 (CVE-2025-14333). firefox: Use-after-free in...

CVSS 9.8, AI score 8.7, EPSS 0.00498
Exploits 2, References 12
CNNVD
added 2025/12/12 12:00 a.m.

WonderCMS cross-site scripting vulnerability

WonderCMS is an open source PHP-based content management system (CMS) from WonderCMS, Inc. A cross-site scripting vulnerability exists in WonderCMS version 4.3.2, which stems from the presence of cross-site scripting in the module installation endpoints, which could lead to the injection of malicio...

CVSS 8.8, AI score 6.4, EPSS 0.00366
Exploits 0, References 4
Positive Technologies
added 2025/12/12 12:00 a.m.

PT-2025-50826

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flow flow social auth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

CVSS 6.4, AI score 5.6, EPSS 0.00209
Exploits 0, References 4
Positive Technologies
added 2025/12/12 12:00 a.m.

PT-2025-50977

Name of the Vulnerable Software and Affected Versions: Lightning Flow Scanner versions 6.10.5 and below. Description: Lightning Flow Scanner, a CLI plugin, VS Code Extension, and GitHub Action for Salesforce Flow analysis and optimization, is affected by an issue where maliciously crafted flow...

CVSS 8.4, AI score 6.9, EPSS 0.00166
Exploits 0, References 6
CNNVD
added 2025/12/12 12:00 a.m.

lightning-flow-scanner code injection vulnerability

lightning-flow-scanner is an open source command line automation plugin for Lightning Flow Scanner. A code injection vulnerability exists in lightning-flow-scanner version 6.10.5 and earlier, which stems from a maliciously constructed flow metadata file that could lead to arbitrary JavaScript...

CVSS 8.4, AI score 7.4, EPSS 0.00166
Exploits 0, References 3
Positive Technologies
added 2025/12/12 12:00 a.m.

PT-2025-50902

Name of the Vulnerable Software and Affected Versions: Frappe Learning Management System (LMS) versions prior to 2.42.0. Description: Frappe Learning Management System (LMS) allows authenticated users to inject malicious HTML and JavaScript code through description fields within the Job, Course, and Bat...

CVSS 5.4, AI score 5.8, EPSS 0.00144
Exploits 0, References 6
Tenable Nessus
added 2025/12/12 12:00 a.m.

Node.js React Server Components Denial of Service and Source Code Exposure (CVE-2025-55183, CVE-2025-55184)

Multiple Node.js React Server Components packages are affected by denial of service and source code exposure vulnerabilities. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, 19.2.1 - react-server-dom-parcel 19.0....

CVSS 7.5, AI score 6.3, EPSS 0.65592
Exploits 13, References 3
NVD
added 2025/12/11 10:15 p.m.

CVE-2024-58297

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

CVSS 5.4, EPSS 0.0021
Exploits 1, References 4
Cvelist
added 2025/12/11 9:40 p.m.

CVE-2024-58304 SPA-CART CMS 1.9.0.3 Stored Cross-Site Scripting

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVSS 7.5, EPSS 0.00415
Exploits 0, References 2
CVE
added 2025/12/11 9:38 p.m.

CVE-2024-58297

CVE-2024-58297 affects PyroCMS v3.0.1 with a stored XSS in the admin redirects configuration. An attacker can inject a payload into the Redirect From field, causing arbitrary JavaScript to execute when administrators view the redirects page. Public sources consistently describe this as a stored X...

CVSS 5.4, AI score 6, EPSS 0.0021
Exploits 1, References 4, Affected software 1
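Several entries in this listing are stored cross-site scripting bugs in administrative fields: the SPA-CART 'descr' product description, the XMB footer template and news ticker fields, the PyroCMS 'Redirect From' field (EUVD-2024-55334 and CVE-2024-58297), the WonderCMS module installation endpoints and the Frappe LMS description fields. The common fix is context-correct output encoding where the stored value is rendered. The following is an added example, not any of those projects' code; the two admin templates (a description rendered as element text, a 'Redirect From' value echoed back into an input's double-quoted `value` attribute) and the payloads are constructed for illustration. It shows why stripping angle brackets, a mitigation often found in CMS code, looks adequate in text context but fails in attribute context:

```javascript
// Added illustration of output encoding against stored admin-field XSS.
// Not any listed project's code; the templates and payloads are constructed.

// Naive mitigation: remove angle brackets only.
function stripAngleBrackets(s) {
  return String(s).replace(/[<>]/g, "");
}

// Context-correct encoding for HTML text and double-quoted attribute values:
// every character that can end the text node or the attribute is entity-encoded.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Assumed admin templates. The encoder is a parameter so both variants can
// be rendered side by side.
function renderDescription(descr, encode) {
  return `<div class="descr">${encode(descr)}</div>`;
}
function renderRedirectForm(redirectFrom, encode) {
  return `<input name="redirect_from" value="${encode(redirectFrom)}">`;
}

// Minimal checks on the rendered markup (double-quoted attributes assumed):
// a live <script> tag in text context, or an on* attribute on the input tag.
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}
function attributeNames(tagHtml) {
  return [...tagHtml.matchAll(/([\w-]+)="([^"]*)"/g)].map((m) => m[1]);
}
function hasEventHandlerAttribute(tagHtml) {
  return attributeNames(tagHtml).some((name) => /^on/i.test(name));
}

// Constructed payloads, one per rendering context.
const descrPayload = "<script>alert(document.cookie)</script>";
const redirectPayload = '" autofocus onfocus="alert(1)';

function demoStoredXss() {
  return {
    // Text context: bracket stripping happens to neutralise a <script> tag ...
    strippedDescr: hasScriptTag(renderDescription(descrPayload, stripAngleBrackets)),
    escapedDescr: hasScriptTag(renderDescription(descrPayload, escapeHtml)),
    // ... but attribute context needs no brackets at all: a stray quote breaks
    // out of value="" and onfocus="alert(1)" becomes a real attribute.
    strippedRedirect: hasEventHandlerAttribute(renderRedirectForm(redirectPayload, stripAngleBrackets)),
    escapedRedirect: hasEventHandlerAttribute(renderRedirectForm(redirectPayload, escapeHtml)),
  };
}
```

The bracket-stripped redirect form renders as `<input name="redirect_from" value="" autofocus onfocus="alert(1)">`, which fires on page load for the administrator viewing the page; the entity-encoded form keeps the whole payload inside the `value` attribute as inert text. The same encoder does not cover JavaScript, URL or CSS contexts, so a template that places stored data into a `<script>` block, an `href`, or a style attribute needs its own encoder for that context.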