Submit #515870: https://www.npmjs.com/package/jodit jodit 4.5.17 Cross Site Scripting [Duplicate]
Submit #515870 / VDB-239922
Aggregator
Submit #515869: https://www.npmjs.com/package/dante3 dante3 * Cross Site Scripting [Accepted]
3 months 1 week ago
Submit #515869 / VDB-300717
masamune
CVE-2025-2699 | GetmeUK ContentTools up to 1.6.16 Image onload cross site scripting
3 months 1 week ago
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting.
This vulnerability is handled as CVE-2025-2699. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #515867: https://www.npmjs.com/package/summernote summernote 0.9.1 Cross Site Scripting [Duplicate]
3 months 1 week ago
Submit #515867 / VDB-268200
masamune
Submit #515864: https://www.npmjs.com/package/ContentTools ContentTools * Cross Site Scripting [Accepted]
3 months 1 week ago
Submit #515864 / VDB-300716
masamune
Interlock
3 months 1 week ago
cohenido
Kill
3 months 1 week ago
cohenido
2025第12周投资收益
3 months 1 week ago
2025第12周投资收益
2025第12周投资收益
3 months 1 week ago
2025第12周投资收益
2025第12周投资收益
3 months 1 week ago
2025第12周投资收益
2025第12周投资收益
3 months 1 week ago
2025第12周投资收益
2025第12周投资收益
3 months 1 week ago
2025第12周投资收益
2025第12周投资收益
3 months 1 week ago
2025第12周投资收益
2025第12周投资收益
3 months 1 week ago
2025第12周投资收益
Утечка Keenetic: хакеры получили ключи к миллиону домашних сетей россиян
3 months 1 week ago
Как уязвимость 2023 года привела к утечке в 2025-м.
CVE-2025-30474 | Apache Commons VFS up to 2.9.x FtpFileObject information exposure
3 months 1 week ago
A vulnerability was found in Apache Commons VFS up to 2.9.x. It has been declared as problematic. Affected by this vulnerability is the function FtpFileObject. The manipulation leads to information exposure through error message.
This vulnerability is known as CVE-2025-30474. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-27553 | Apache Commons VFS up to 2.9.x FileObject API resolveFile Scope path traversal
3 months 1 week ago
A vulnerability was found in Apache Commons VFS up to 2.9.x. It has been classified as problematic. Affected is the function resolveFile of the component FileObject API. The manipulation of the argument Scope leads to relative path traversal.
This vulnerability is traded as CVE-2025-27553. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-2691 | nossrf up to 1.0.3 Hostname server-side request forgery (SNYK-JS-NOSSRF-9510842)
3 months 1 week ago
A vulnerability was found in nossrf up to 1.0.3 and classified as critical. This issue affects some unknown processing. The manipulation of the argument Hostname leads to server-side request forgery.
The identification of this vulnerability is CVE-2025-2691. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-0927 | Canonical Ubuntu Linux prior 6.11.0-18.18 HFS+ filesystem out-of-bounds write (USN-7276-1)
3 months 1 week ago
A vulnerability has been found in Canonical Ubuntu Linux and classified as critical. This vulnerability affects unknown code of the component HFS+ filesystem. The manipulation leads to out-of-bounds write.
This vulnerability was named CVE-2025-0927. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
SecWiki News 2025-03-23 Review
3 months 1 week ago