Camilo Vera

Researcher fromFluid Attacks
#7404of 53,632
37Total CVSS
Vulnerabilities · 5
Medium
3
High
2
PT-2026-3102
6.1
2026-01-15
Svelte · Svelte · CVE-2025-15265
**Name of the Vulnerable Software and Affected Versions** Svelte versions 5.46.0 through 5.46.2 **Description** A cross-site scripting (XSS) issue exists due to improper escaping of `hydratable` keys. When these keys include untrusted user input, arbitrary JavaScript can be injected into server-rendered HTML. This allows for remote script execution in users' browsers, potentially leading to session theft and account compromise. The `hydratable` function uses a key to uniquely identify data, and this key is embedded into a `<script>` block without proper escaping. A malicious key can terminate the script and inject arbitrary JavaScript into the HTML response. **Recommendations** Upgrade to a patched version of Svelte.
PT-2025-48080
8.3
2025-11-25
Amazon · Opensearch · CVE-2025-9624
**Name of the Vulnerable Software and Affected Versions** OpenSearch versions prior to 3.2.0 **Description** A flaw exists in OpenSearch that enables attackers to trigger a Denial of Service (DoS) condition. This is achieved by providing complex query string inputs. **Recommendations** Update to version 3.2.0 or later.
PT-2025-35498
6.9
2025-09-01
Pypi · Xmltodict · CVE-2025-9375
**Name of the Vulnerable Software and Affected Versions** xmltodict version 0.14.2 **Description** An XML Injection vulnerability exists in xmltodict, allowing for Input Data Manipulation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-34250
6.9
2025-08-21
Unknown · Markdown-It · CVE-2025-7969
Name of the Vulnerable Software and Affected Versions: markdown-it version 14.1.0 Description: A flaw exists in markdown-it due to improper neutralization of input during web page generation, which allows for Cross-Site Scripting (XSS). The issue is associated with the `lib/renderer.mjs` program file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-30937
8.8
2025-07-25
Linkify · Linkify · CVE-2025-8101
**Name of the Vulnerable Software and Affected Versions** Linkify versions 4.3.1 through 4.3.2 **Description** The software contains an improperly controlled modification of object prototype attributes ('Prototype Pollution') issue. This can lead to cross-site scripting (XSS) attacks targeting HTML attributes and manipulation of user-controlled variables. **Recommendations** Update to a version later than 4.3.2.