746 matches found
Mozilla Firefox < 2.0.0.12
The version of Firefox installed on the remote Windows host is prior to 2.0.0.12. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-10 advisory. - Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of...
Mozilla Firefox < 2.0.0.12
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 2.0.0.12. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-10 advisory. - Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href...
CVE-2025-55254
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow to execute malicious code in certain web pages...
CVE-2025-55254
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow to execute malicious code in certain web pages...
CVE-2025-55254 HCL BigFix Remote Control is vulnerable to a Path-relative stylesheet import (PRSSI)
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow to execute malicious code in certain web pages...
CVE-2025-55254
The CVE-2025-55254 entry concerns HCL BigFix Remote Control Lite Web Portal, affected in versions 10.1.0.0326 and lower. The root cause is improper management of path-relative stylesheet imports, described as a Path-relative stylesheet import (PRSSI) issue, enabling potential malicious code execu...
PT-2025-51915
Name of the Vulnerable Software and Affected Versions HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower Description A flaw exists in the way the software handles path-relative stylesheet imports. This could allow for the execution of malicious code within specific web pages...
HCL Launch和HCL DevOps Deploy 安全漏洞
HCL Launch and HCL DevOps Deploy are both products of HCL India.HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software. Used to handle the most complex deployment processes in DevOps.HCL DevOps Deploy is an application. Can be mapped to your organizational...
CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...
VulnCheck KEV: CVE-2025-6174
The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user...
XML External Entity (XXE)
langchaintextsplitters is vulnerable to XML External Entity XXE injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...
PT-2025-47248
Name of the Vulnerable Software and Affected Versions VK All in One Expansion Unit plugin for WordPress versions prior to 9.112.1 Description The software is susceptible to Stored Cross-Site Scripting through the veu custom css parameter. Insufficient input sanitization and output escaping on the...
Mozilla Thunderbird < 45.7
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-03 advisory. - A use-after-free vulnerability in the Media Decoder when working with media files when some events are...
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-29824)
In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...
EUVD-2025-111145
Malicious code in mini-css-extract-plugin-capella-lacerta-castor npm...
EUVD-2025-111130
Malicious code in mini-css-extract-plugin-orbit-meissa-cluster npm...
EUVD-2025-111378
Malicious code in materialize-css-loader-install-dagda npm...
EUVD-2025-113413
Malicious code in frontend-build-css-loader-europa npm...
Amazon Linux 2023 : xmlunit, xmlunit-assertj, xmlunit-core (ALAS2023-2025-1260)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1260 advisory. XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet used for an XSLT transformation, because XSLT extension functions are enabled...
Linux Distros Unpatched Vulnerability : CVE-2024-31573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet used for an XSLT transformation, because XS...