### Impact InvenTree uses [EasyMDE](https://github.com/Ionaru/easy-markdown-editor) for displaying markdown text in various places (e.g. for the various "notes" fields associated with various models). ...
Continue ReadingJune 17, 2022
The nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the application developer. This could have resu ...
Continue ReadingJune 17, 2022
The nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the application developer. This could have resu ...
Continue ReadingJune 17, 2022
All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted l ...
Continue ReadingJune 17, 2022
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi.Read More ...
Continue ReadingJune 17, 2022
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.Read More ...
Continue ReadingJune 17, 2022
All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker ...
Continue ReadingJune 17, 2022
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vu ...
Continue ReadingJune 17, 2022
Back to Main