Lucene search
K

746 matches found

Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.10 views

Mozilla Firefox < 2.0.0.12

The version of Firefox installed on the remote Windows host is prior to 2.0.0.12. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-10 advisory. - Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of...

4.3CVSS8.4AI score0.02037EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.6 views

Mozilla Firefox < 2.0.0.12

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 2.0.0.12. It is, therefore, affected by a vulnerability as referenced in the mfsa2008-10 advisory. - Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href...

4.3CVSS8.3AI score0.02037EPSS
Exploits1References3
NVD
NVD
added 2025/12/17 9:16 p.m.11 views

CVE-2025-55254

Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow to execute malicious code in certain web pages...

4.8CVSS0.00166EPSS
Exploits0References1
OSV
OSV
added 2025/12/17 9:16 p.m.2 views

CVE-2025-55254

Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow to execute malicious code in certain web pages...

4.8CVSS6AI score0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/17 8:46 p.m.3 views

CVE-2025-55254 HCL BigFix Remote Control is vulnerable to a Path-relative stylesheet import (PRSSI)

Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow to execute malicious code in certain web pages...

3.7CVSS6.9AI score0.00166EPSS
Exploits0References1
CVE
CVE
added 2025/12/17 8:46 p.m.11 views

CVE-2025-55254

The CVE-2025-55254 entry concerns HCL BigFix Remote Control Lite Web Portal, affected in versions 10.1.0.0326 and lower. The root cause is improper management of path-relative stylesheet imports, described as a Path-relative stylesheet import (PRSSI) issue, enabling potential malicious code execu...

4.8CVSS6.9AI score0.00166EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51915

Name of the Vulnerable Software and Affected Versions HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower Description A flaw exists in the way the software handles path-relative stylesheet imports. This could allow for the execution of malicious code within specific web pages...

3.7CVSS6.9AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.12 views

HCL Launch和HCL DevOps Deploy 安全漏洞

HCL Launch and HCL DevOps Deploy are both products of HCL India.HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software. Used to handle the most complex deployment processes in DevOps.HCL DevOps Deploy is an application. Can be mapped to your organizational...

4.8CVSS6.8AI score0.00166EPSS
Exploits0References1
OSV
OSV
added 2025/12/08 11:54 p.m.5 views

CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

6.1CVSS6.4AI score0.00232EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2025/11/27 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-6174

The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user...

6.1CVSS5.8AI score0.0046EPSS
In wildExploits0References2
Veracode
Veracode
added 2025/11/24 4:31 a.m.7 views

XML External Entity (XXE)

langchaintextsplitters is vulnerable to XML External Entity XXE injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...

7.5CVSS7AI score0.00604EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47248

Name of the Vulnerable Software and Affected Versions VK All in One Expansion Unit plugin for WordPress versions prior to 9.112.1 Description The software is susceptible to Stored Cross-Site Scripting through the veu custom css parameter. Insufficient input sanitization and output escaping on the...

6.4CVSS5.4AI score0.00205EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.5 views

Mozilla Thunderbird < 45.7

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-03 advisory. - A use-after-free vulnerability in the Media Decoder when working with media files when some events are...

9.8CVSS7.7AI score0.33199EPSS
Exploits15References9
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-29824)

In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

6.5CVSS6.8AI score0.0363EPSS
Exploits5References4
EUVD
EUVD
added 2025/11/12 4:29 a.m.1 views

EUVD-2025-111145

Malicious code in mini-css-extract-plugin-capella-lacerta-castor npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.2 views

EUVD-2025-111130

Malicious code in mini-css-extract-plugin-orbit-meissa-cluster npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.2 views

EUVD-2025-111378

Malicious code in materialize-css-loader-install-dagda npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:29 a.m.4 views

EUVD-2025-113413

Malicious code in frontend-build-css-loader-europa npm...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.4 views

Amazon Linux 2023 : xmlunit, xmlunit-assertj, xmlunit-core (ALAS2023-2025-1260)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1260 advisory. XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet used for an XSLT transformation, because XSLT extension functions are enabled...

4CVSS8AI score0.00216EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-31573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet used for an XSLT transformation, because XS...

4CVSS7.6AI score0.00216EPSS
Exploits0References2
Rows per page
Query Builder