27 matches found
CVE-2026-25141
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...
@orval/angular (>=8.0.0 <=8.0.1), @orval/axios (>=8.0.0 <=8.0.1) +9 more potentially affected by CVE-2026-23947 +1 more via @orval/core (>=8.0.0-rc.0 <=8.0.1)
@orval/core NPM version =8.0.0-rc.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.1 Source cves: CVE-2026-23947, CVE-2026-25141 Source advisory: OSV:GHSA-H526-WF6G-67JV...
CVE-2026-23947
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a...
@beshkenadze/orval-mcp (=7.11.2-fix.2), @orval/angular (>=7.10.0 <=7.18.0) +11 more potentially affected by CVE-2026-23947 via @orval/core (>=7.10.0 <=7.18.0)
@orval/core NPM version =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =1.0.1, =7.10.0, =7.10.0, =7.13.2 Source cves: CVE-2026-23947 Source advisory: SNYK:JS-ORVALCORE-15038726...
CVE-2026-23947
creationtimestamp | type | source
---|---|---
2026-01-19 18:52:39+00:00 | published-proof-of-concept | https://github.com/orval-labs/orval/security/advisories/GHSA-h526-wf6g-67jv
2026-01-20 01:53:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mct2ecwyag2g
2026-01-24 21:23:28+00:00 |...
CVE-2025-23947
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M.J WP-Player wp-player allows Stored XSS. This issue affects WP-Player: from n/a through <= 2.6.1...
Linux Distros Unpatched Vulnerability : CVE-2024-23947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an...
CVE-2025-23947
creationtimestamp | type | source
---|---|---
2025-01-16 21:20:58+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv7jgiqqo2t
2025-01-16 22:56:09+00:00 | seen | https://t.me/cvedetector/15645
2025-01-17 21:57:06+00:00 | published-proof-of-concept |...
CVE-2025-23947 WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M.J WP-Player wp-player allows Stored XSS. This issue affects WP-Player: from n/a through <= 2.6.1...
CVE-2025-23947
CVE-2025-23947 : Stored XSS in WP-Player (WordPress plugin). Root cause: improper input neutralization during web page generation. Affected: WP-Player versions from n/a up to 2.6.1. Public details in RH/Red Hat and Wordfence entries confirm the vulnerability; no public fixes/versioned remediation...
SUSE CVE-2024-23947
Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability concerns the...
CVE-2024-23947
The CVE-2024-23947 issue affects libigl v2.5.0, specifically the igl::MshLoader::parse_nodes function when handling binary .msh files. The vulnerability arises from improper array index validation, leading to an out-of-bounds write. The available sources describe the affected component and failur...
CVE-2021-23947
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
CVE-2023-23947
A flaw was found in ArgoCD. An improper authorization bug may allow an attacker to update at least one cluster secret, enabling them to change any other cluster secret. The attacker must know the URL for the targeted cluster and additionally it should be authenticated within the ArgoCD API server...
CVE-2023-23947
creationtimestamp | type | source
---|---|---
2023-02-16 20:12:26+00:00 | seen | https://t.me/cibsecurity/58335...
CVE-2023-23947
Argo CD suffers an improper authorization vulnerability (CVE-2023-23947) affecting versions starting with 2.3.0-rc1 up to before 2.3.17, and including 2.4.23, 2.5.11, and 2.6.2. An attacker who can update at least one cluster secret can update any cluster secret, enabling privilege escalation or ...