This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be ...
July 25, 2022
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath).
July 25, 2022
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.
July 25, 2022
This affects all versions of package npm-help. The injection point is located in line 13 of the index.js file, in the export.latestVersion() function.
July 25, 2022
A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an atta ...
July 25, 2022
OpenKM Community Edition 6.3.10 and earlier used the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing an attacker to perform an XML external e ...
July 25, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
July 25, 2022
LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in Lib ...
July 25, 2022