
6660 matches found

EUVD | added 2025/12/19 4:37 p.m. | 5 views

EUVD-2025-204564

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...

CVSS 9.6 | AI score 5.5 | EPSS 0.00478
Exploits: 1 | References: 1

OSV | added 2025/12/19 4:37 p.m. | 6 views

CVE-2025-66580 Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...

CVSS 9.6 | AI score 6 | EPSS 0.00478
Exploits: 1 | References: 3

NVD | added 2025/12/19 8:15 a.m. | 4 views

CVE-2025-66520

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

CVSS 6.3 | EPSS 0.0015
Exploits: 0 | References: 1

NVD | added 2025/12/19 8:15 a.m. | 3 views

CVE-2025-66521

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...

CVSS 6.3 | EPSS 0.001
Exploits: 0 | References: 1

OSV | added 2025/12/19 8:15 a.m. | 3 views

CVE-2025-66520

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

CVSS 5.4 | AI score 5.7 | EPSS 0.0015
Exploits: 0 | References: 1

OSV | added 2025/12/19 8:15 a.m. | 2 views

CVE-2025-66502

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...

CVSS 5.4 | AI score 5.6 | EPSS 0.00147
Exploits: 0 | References: 1

NVD | added 2025/12/19 8:15 a.m. | 16 views

CVE-2025-66501

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

CVSS 6.3 | EPSS 0.0015
Exploits: 0 | References: 1

NVD | added 2025/12/19 8:15 a.m. | 7 views

CVE-2025-66502

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...

CVSS 6.3 | EPSS 0.00147
Exploits: 0 | References: 1

Vulnrichment | added 2025/12/19 7:33 a.m. | 3 views

CVE-2025-66521 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Trusted Certificates Feature

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...

CVSS 6.3 | AI score 5.3 | EPSS 0.001
Exploits: 0 | References: 1

CVE | added 2025/12/19 7:33 a.m. | 11 views

CVE-2025-66521

Summary: CVE-2025-66521 is a stored XSS in Foxit’s pdfonline.foxit.com, specifically in the Trusted Certificates feature. What’s affected: The certificate name field accepts crafted input that is later rendered into the DOM without proper sanitization. Root cause: Insufficient sanitization of the...

CVSS 6.3 | AI score 5.3 | EPSS 0.001
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist | added 2025/12/19 7:33 a.m. | 23 views

CVE-2025-66521 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Trusted Certificates Feature

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...

CVSS 6.3 | EPSS 0.001
Exploits: 0 | References: 1

EUVD | added 2025/12/19 7:27 a.m. | 4 views

EUVD-2025-204457

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected...

CVSS 6.3 | AI score 5.2 | EPSS 0.0015
Exploits: 0 | References: 2

CVE | added 2025/12/19 7:27 a.m. | 11 views

CVE-2025-66519

The CVE-2025-66519 issue affects pdfonline.foxit.com, specifically the Layer Import functionality, where a crafted payload placed in the Create new Layer field is later rendered into the DOM without proper sanitization. This leads to stored XSS, with script execution when the Layers panel is acce...

CVSS 6.3 | AI score 5.3 | EPSS 0.0015
Exploits: 0 | References: 1 | Affected Software: 1

CVE | added 2025/12/19 7:25 a.m. | 13 views

CVE-2025-66502

CVE-2025-66502 describes a stored cross-site scripting (XSS) vulnerability in Foxit’s pdfonline.foxit.com Page Templates. A crafted payload can be stored as the template name and later rendered into the DOM without proper sanitization, causing the injected script to execute each time the affected...

CVSS 6.3 | AI score 5.2 | EPSS 0.00147
Exploits: 0 | References: 1 | Affected Software: 1

CVE | added 2025/12/19 7:23 a.m. | 12 views

CVE-2025-66501

Foxit pdfonline.foxit.com Predefined Text in Foxit eSign is affected by a stored XSS via the Identity field “First Name,” where unsanitized input is rendered into the DOM when predefined text is used or document properties are viewed. The description is consistently reported across CVE entries (N...

CVSS 6.3 | AI score 5.4 | EPSS 0.0015
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment | added 2025/12/19 7:23 a.m. | 5 views

CVE-2025-66501 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

CVSS 6.3 | AI score 5.4 | EPSS 0.0015
Exploits: 0 | References: 1

OSV | added 2025/12/19 2:16 a.m. | 3 views

CVE-2025-67843

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file...

CVSS 9.8 | AI score 6.2 | EPSS 0.01055
Exploits: 1 | References: 4

CVE | added 2025/12/19 12:0 a.m. | 27 views

CVE-2025-67843

Mintlify Platform is affected by a Server-Side Template Injection (SSTI) in its MDX Rendering Engine prior to 2025-11-15. The vulnerability allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file. Affected component: MDX Rendering Engine in Mintlify Platform (p...

CVSS 9.8 | AI score 7.7 | EPSS 0.01055
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist | added 2025/12/19 12:0 a.m. | 23 views

CVE-2025-67843

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file...

CVSS 8.3 | EPSS 0.01055
Exploits: 1 | References: 4

Vulnrichment | added 2025/12/19 12:0 a.m. | 4 views

CVE-2025-67843

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file...

CVSS 8.3 | AI score 7.7 | EPSS 0.01055
Exploits: 1 | References: 4