ps459

Multi-Firmware PS4 WebKit & Kernel Exploit Chain An exploit c...

PT-2026-33020

The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at /otm-ac/v1/update-widget-options and /otm-ac/v1/update-app-config with the permission callback set to return...

CVE-2025-14498

CVE-2025-14498 affects TradingView Desktop (Electron) due to an unsecured script loading location in the Electron framework, enabling local privilege escalation via an uncontrolled search path. The root cause is a misconfiguration that allows a low-privilege attacker who can run code on the targe...

CVE-2017-20202 Web Developer for Chrome v0.4.9 Malicious Backdoor Supply Chain Compromise

Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to...

GHSA-Q43X-79JR-CQ98 tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript

A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element such as: it could clobber the document.currentScript property. This causes the script to resolve incorrectly...

PT-2024-37636 · Unknown · Hyperview Geoportal Toolkit

Name of the Vulnerable Software and Affected Versions: HyperView Geoportal Toolkit versions prior to 8.5.0 Description: The issue allows an unauthenticated remote attacker to prepare links that, when opened, will load scripts from a remote location controlled by the attacker and execute them in t...

PT-2024-31592 · Pagefind · Pagefind

Name of the Vulnerable Software and Affected Versions: Pagefind versions prior to 1.1.1 Description: A DOM Clobbering vulnerability exists in Pagefind, allowing an attacker to inject malicious HTML and escalate privileges. This occurs when an attacker can add elements to a page, such as img tags...

CVE-2024-23673

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the...

SUSE CVE-2011-4355

GNU Project Debugger GDB before 7.5, when .debuggdbscripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts...

SUSE CVE-2014-1719

Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworkerstub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service heap memory corruption or possibly have...

Desktop APP XSS to RCE

📝 Description Bypass disabled plugins configuration According to its default configuration, drawio desktop disables the use of custom plugin and must be using --enable-plugins to enable it. In addition, draw.io allows you to configure the application mainly the interface using a json file...

Authentication Bypass

firefox is vulnerable to authentication bypass. The vulnerability exists because preload cache bypasses subresource integrity when loading a script which allows an attacker to gain access to internal system and perform unwanted action...

Django 跨站脚本漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in the Django wiki where an attacker with access to the edit page...

pocsuit3

Based on the provided code and metadata, here is a compact paragraph of 5-7 sentences summarizing the repository: This repository is an open-sourced remote vulnerability testing and proof-of-concept development framework called pocsuite3, developed by the Knownsec 404 Team. It comes with a powerf...

pocsuite3

This is a Python package called pocsuite3 that provides a framework for remote vulnerability testing and proof-of-concept development. It is designed to be used by penetration testers and security researchers. The package has a powerful proof-of-concept engine and comes with many features,...

Mozilla: Potential leak of redirect targets when loading scripts in a worker

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...

Mozilla: Potential leak of redirect targets when loading scripts in a worker

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...

Mozilla: Potential leak of redirect targets when loading scripts in a worker

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...

CVE-2019-11595

In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect...

CVE-2019-11593

In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect...