Lucene search
+L

467 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-12923

Malicious code in bioql PyPI...

6.1CVSS7AI score0.00519EPSS
Exploits2References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/07/02 12:0 a.m.15 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Ope...

8.1CVSS7AI score0.06564EPSS
In wildExploits5
OSV
OSV
added 2025/06/19 2:15 a.m.4 views

DEBIAN-CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

6.1CVSS5.6AI score0.0032EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/06/05 12:0 a.m.22 views

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS8.8AI score0.0645EPSS
In wildExploits3
RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.7 views

CVE-2024-12595

The AHAthat Plugin WordPress plugin through 1.6 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

4.7CVSS6.2AI score0.00313EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:41 a.m.8 views

CVE-2024-5713

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

5.4CVSS6.3AI score0.00353EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.7 views

CVE-2024-6018

The Music Request Manager WordPress plugin through 1.3 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS6.3AI score0.00307EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 6:59 a.m.9 views

CVE-2024-10815

The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

4.2CVSS6.2AI score0.00275EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:44 p.m.11 views

CVE-2022-2190

The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS6.3AI score0.00593EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:29 p.m.9 views

CVE-2022-2187

The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS6.2AI score0.01428EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 p.m.12 views

CVE-2022-2189

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS6.3AI score0.0054EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:4 a.m.6 views

CVE-2009-2631

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in...

6.8CVSS6.2AI score0.05134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 12:20 a.m.12 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

6.5CVSS7.3AI score0.0038EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/21 12:0 a.m.3 views

PT-2025-53579

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description The issue resides in insufficient protection of the web page structure within Moodle. Exploitation of this can allow a remote attacker to conduct a Cross-Site Scripting XSS attack. The flaw is...

7.3CVSS5.9AI score0.00266EPSS
Exploits0References12
NVD
NVD
added 2025/05/19 3:15 p.m.9 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

6.5CVSS0.0038EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/19 12:0 a.m.6 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

6.8AI score0.0038EPSS
Exploits1References1
CVE
CVE
added 2025/05/19 12:0 a.m.65 views

CVE-2025-43714

The CVE-2025-43714 entry concerns OpenAI’s ChatGPT system through 2025-03-30 where SVGs were inline-rendered instead of shown as code, enabling HTML injection in modern browsers. The root cause is the inline rendering of SVG documents (not text blocks). Reported impact is HTML injection; no expli...

6.5CVSS7.3AI score0.0038EPSS
Exploits1References1Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/27 12:0 a.m.59 views

Google Chromium Mojo Sandbox Escape Vulnerability

Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google...

8.3CVSS8.2AI score0.08404EPSS
In wildExploits6
SUSE CVE
SUSE CVE
added 2024/11/27 4:4 a.m.2 views

SUSE CVE-2024-11692

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

5.4CVSS6.3AI score0.00473EPSS
Exploits0References14
Debian CVE
Debian CVE
added 2024/11/19 9:27 p.m.11 views

CVE-2024-52595

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

7.7CVSS5.2AI score0.00472EPSS
Exploits0
Rows per page
Query Builder