This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.
July 25, 2022
OpenKM Community Edition versions 6.3.10 and earlier used the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing an attacker to perform an XML external e ...
July 25, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
July 25, 2022
A flaw was found in OpenStack Manila owning a Ceph File system "share", which enables the owner to read/write any Manila share or entire file system. The vulnerability is due to a bug in the "volume ...
July 25, 2022
The package otp-generator before 3.0.0 is vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.
July 25, 2022
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.
July 25, 2022
All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality.
July 25, 2022
This affects all versions of package node-import. The "params" argument of the module function can be controlled by users without any sanitization. This is then provided to the eval function located ...
July 25, 2022