31 matches found
EUVD-2021-1106
Malware in sbrugna...
EUVD-2025-9270
Malicious code in bioql PyPI...
CVE-2025-31747
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in milan.latinovic WP Chrono wp-chrono allows DOM-Based XSS.This issue affects WP Chrono: from n/a through = 1.5.4...
CVE-2025-31747
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in milan.latinovic WP Chrono wp-chrono allows DOM-Based XSS.This issue affects WP Chrono: from n/a through = 1.5.4...
CVE-2025-31747 WordPress WP Chrono plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in milan.latinovic WP Chrono wp-chrono allows DOM-Based XSS.This issue affects WP Chrono: from n/a through = 1.5.4...
CVE-2025-31747
CVE-2025-31747 is a DOM-based XSS vulnerability in the WordPress plugin WP Chrono (listed as WP Chrono) affecting versions up to 1.5.4. According to connected documentation, the issue is described as an “Improper Neutralization of Input During Web Page Generation” leading to DOM-based Cross-Site ...
CVE-2025-31747 WordPress WP Chrono plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in milan.latinovic WP Chrono wp-chrono allows DOM-Based XSS.This issue affects WP Chrono: from n/a through = 1.5.4...
PT-2025-14136 · WordPress · Wp Chrono
Name of the Vulnerable Software and Affected Versions: WP Chrono versions 1.5.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potential attackers to inject...
WordPress plugin WP Chrono 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
atuin (>=0.3.0 <=11.0.0), atuin-client (>=0.6.2 <=11.0.0) +27 more potentially affected by unknown CVE via chrono-english (=0.1.8)
chrono-english CARGO version =0.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on chrono-english and may be impacted: - atuin =0.3.0, =0.6.2, =0.6.2, =0.1.0, =1.9.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.4.2, =0.4.0, =0.7.0, =0.0.4, =1.0.0 and more Sour...
The maintainer of chrono-english is unresponsive
All versions will encounter compilation errors with a chrono version 0.4.35, due to backward incompatible API changes. User conradludgade reworked the original crate and created a fork with the same API surface called interim. The fork is better structured and passes the same test suite as...
Chrono has potential segfault issue in SPIFFE authenticator
Impact Several vulnerabilities have been reported in the time and chrono crates related to handling of calls to localtimer. You can follow some of the discussions here and here, and the associated CVE here. In our case, the issue with the dependency was flagged by our nightly CI build running...
Denial of Service
Overview The package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. Recommendation Upgrade to version 2.2.4 or later References - CVE - GitHub Advisory...
@abbott-platform/abbott-framework (>=1.6.0 <=1.6.7), @abbott-platform/api-ai-botkit (>=1.5.3 <=1.5.4) +636 more potentially affected by CVE-2021-23371 via chrono-node (>=0.0.3 <=2.2.3)
chrono-node NPM version =0.0.3, =1.6.0, =1.5.3, =0.2.0, =1.3.0, =0.3.0, =3.1.0, =1.0.0, =4.0.0, =0.0.4, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.2.3 and more Source cves: CVE-2021-23371 Source advisory: OSV:GHSA-HPMR-G4PQ-JHGP...
Denial of service in chrono-node
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
GHSA-HPMR-G4PQ-JHGP Denial of service in chrono-node
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
Denial Of Service (DoS)
chrono-node is vulnerable to denial of service DoS. The vulnerability exists due to catastrophic backtracking in the regex matching, due to embedded spaces in the parseTimeUnits function...
Unspecified vulnerability in Npm chrono-node
Npm chrono-node is an application from Npm USA. Used to handle most date/time formats and extract information from any given text. A security vulnerability exists in Chrono-node prior to version 2.2.4, which stems from the program hanging on date-like strings with a large number of embedded space...
CVE-2021-23371
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...
CVE-2021-23371
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces...