CVE-2025-51464 – Aimhubio Aim XSS

July 22, 2025

CVE ID : CVE-2025-51464

Published : July 22, 2025, 6:15 p.m. | 6 hours, 29 minutes ago

Description : Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox restrictions prevent JavaScript execution via pyodide.code.run_js().

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-8043 – Firefox URL Truncation Vulnerability

Next Article CVE-2025-51482 – Letta AI Remote Code Execution

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2025-51464 – Aimhubio Aim XSS

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

The Silent SaaS Advantage: How React Boosts Retention & Cuts Costs

United Australia Party Confirms Major Ransomware Attack and Data Breach

Brave browser will block Microsoft Recall from tracking your online activity

6 first world Windows 11 problems I desperately want Microsoft to fix

MMAU: A Holistic Benchmark of Agent Capabilities Across Diverse Domains

How to Install Microsoft Teams [All Devices, Step-by-Step]

CVE-2025-7801 – BossSoft CRM SQL Injection Vulnerability

I replaced my Linux system with this $200 Windows mini PC – and it left me impressed

CVE-2025-51464 – Aimhubio Aim XSS

Related Posts