@nativescript/plugin-tools (>=5.5.0 <=5.5.3), @nstudio/focus (>=20.0.0 <=20.0.3) +2 more potentially affected by unknown CVE via @nstudio/xplat-utils (>=20.0.0 <=20.0.3)

@nstudio/xplat-utils NPM version =20.0.0, =5.5.0, =20.0.0, =20.0.0, =20.0.0, =20.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-NSTUDIOXPLATUTILS-12744505...

CVE-2023-35899

CVE-2023-35899 affects IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2. The issue is a CSV injection vulnerability caused by improper validation of CSV file contents, enabling a remote attacker to execute arbitrary commands on the system. Affected products/versions (per sources) inclu...

IBM Cloud Pak for Automation 日志信息泄露漏洞

IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and services on any cloud. A...

Cross-site request forgery attack on change password form

Summary Change password doesn't validate CSRF token properly. Impact An attacker can force the victim to change password without knowing. To successfully complete this attack the victim needs to be logged to the Guardian/CMC and visit a special prepared page containing the forged change password...

TechSmith SnagIT Code Issue Vulnerability

TechSmith SnagIT is a set of screen capture software from TechSmith USA. The software is mainly used for taking screenshots on the screen, recording videos, etc. A code issue vulnerability exists in TechSmith SnagIt versions 11.2.1 through 20.0.3. A local attacker could exploit the vulnerability ...