14 matches found

RedhatCVE
added 2026/01/09 8:44 a.m. | 3 views

CVE-2022-23509

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

CVSS 7.3 | AI score 6.6 | EPSS 0.00033
Exploits: 0 | References: 1

Circl
added 2025/01/22 3:18 p.m. | 4 views

CVE-2025-23509

creationtimestamp | type | source
---|---|---
2025-01-22 15:18:37+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo2yjrie2r
2025-01-22 20:01:50+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2627...

CVSS 7.1 | AI score 8.7 | EPSS 0.00346
Exploits: 0 | References: 2

Cvelist
added 2025/01/22 2:29 p.m. | 11 views

CVE-2025-23509 WordPress HyperComments plugin <= 0.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in siteheart HyperComments comments-with-hypercommentscom allows Reflected XSS. This issue affects HyperComments: from n/a through <= 0.9.6...

CVSS 7.1 | EPSS 0.00346
Exploits: 0 | References: 1

CVE
added 2025/01/22 2:29 p.m. | 41 views

CVE-2025-23509

CVE-2025-23509 concerns a reflected XSS in the HyperComments module used by WordPress. NotFound HyperComments is vulnerable to improper input neutralization during web page generation, enabling reflected XSS in HyperComments versions from an unstated starting version through 0.9.6. The connected Red Hat and CVE e...

CVSS 7.1 | AI score 7.2 | EPSS 0.00346
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/22 2:29 p.m. | 2 views

CVE-2025-23509 WordPress HyperComments plugin <= 0.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound HyperComments allows Reflected XSS. This issue affects HyperComments: from n/a through 0.9.6...

CVSS 7.1 | AI score 6.9 | EPSS 0.00346
Exploits: 0 | References: 1

Circl
added 2023/01/09 4:27 p.m. | 0 views

CVE-2022-23509

creationtimestamp | type | source
---|---|---
2023-01-09 16:27:33+00:00 | seen | https://t.me/cibsecurity/56154...

CVSS 7.3 | AI score 6.4 | EPSS 0.00033
Exploits: 0 | References: 1

CVE
added 2023/01/09 1:1 p.m. | 64 views

CVE-2022-23509

CVE-2022-23509 concerns insecure, unencrypted communication between Weave GitOps’ GitOps Run and its local S3 bucket. This allows privileged users or processes to tap traffic and obtain information enabling access to the S3 bucket, potentially leading to bucket content modification and unintended...

CVSS 7.3 | AI score 6.2 | EPSS 0.00033
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/01/09 1:1 p.m. | 6 views

CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

CVSS 7.3 | AI score 7.6 | EPSS 0.00033
Exploits: 0 | References: 3

vulnersOsv
added 2021/11/08 5:43 p.m. | 3 views

@2109-t5/server (>=1.0.0 <=1.0.9), @agentscript-ai/linear (>=0.1.0 <=0.9.0) +339 more potentially affected by CVE-2021-23509 via json-ptr (>=0.1.1 <=2.2.0)

json-ptr NPM version =0.1.1, =1.0.0, =0.1.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.15.0, =2.0.0-pr.1, =0.0.1-alpha.1, =5.4.3 - @cdxoo/pojo-utils =0.1.0 - @chix/chit =0.5.2 and more Source cves: CVE-2021-23509 Source advisory: OSV:GHSA-8GWJ-8HXC-285W...

CVSS 9.8 | AI score 7.2 | EPSS 0.01748
Exploits: 1

IBM Security Bulletins
added 2021/11/08 12:6 p.m. | 21 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-23509

Summary IBM App Connect Enterprise Certified Container may be affected by a prototype pollution flaw in the pointer parameter in json-ptr due to CVE-2021-23509 Vulnerability Details CVEID: CVE-2021-23509 DESCRIPTION: Node.js json-ptr module could allow a remote attacker to execute arbitrary code ...

CVSS 9.8 | AI score 1.5 | EPSS 0.01748
Exploits: 1 | Affected Software: 1

Circl
added 2021/11/03 9:23 p.m. | 4 views

CVE-2021-23509

creationtimestamp | type | source
---|---|---
2021-11-03 21:23:16+00:00 | seen | https://t.me/cibsecurity/31758...

CVSS 9.8 | AI score 8.7 | EPSS 0.01748
Exploits: 1 | References: 1

OSV
added 2021/11/03 6:15 p.m. | 22 views

CVE-2021-23509

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

CVSS 9.8 | AI score 6.6 | EPSS 0.01748
Exploits: 1 | References: 5

Cvelist
added 2021/11/03 5:20 p.m. | 17 views

CVE-2021-23509 Prototype Pollution

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

CVSS 5.6 | AI score 9.7 | EPSS 0.01748
Exploits: 1 | References: 5

CVE
added 2021/11/03 5:20 p.m. | 66 views

CVE-2021-23509

CVE-2021-23509 affects the json-ptr package prior to 3.0.0. The vulnerability is described as a type confusion in the pointer parameter that can be triggered by user-provided keys, potentially enabling a bypass of CVE-2020-7766 when those keys are arrays. Related advisories (GHSA, osv, NVD entrie...

CVSS 9.8 | AI score 7.2 | EPSS 0.01748
Exploits: 1 | References: 5 | Affected Software: 1