62 matches found
ROOT-APP-NPM-CVE-2020-8203 CVE-2020-8203 in @rootio/lodash.pick - Patched by Root
Root has patched CVE-2020-8203 in the @rootio/lodash.pick package for Root:npm. Multiple fixed versions available...
CVE-2026-8203
creationtimestamp| type| source ---|---|--- 2026-06-05 11:01:41+00:00| seen| https://bsky.app/profile/keiwork35.bsky.social/post/3mnjyeyccmg24 2026-06-05 11:01:41+00:00| seen| https://bsky.app/profile/keiwork35.bsky.social/post/3mnjyeyccmg24...
CVE-2026-8203
Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that executes in the context of any visitor's browser, potentially leading to session hijacking, credential...
CVE-2026-8203 Concrete CMS 9.5.0 and below has Stored XSS on the height parameter
Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that executes in the context of any visitor's browser, potentially leading to session hijacking, credential...
Prototype Pollution loadash.pick Dependency Vulnerability in Jira Software Data Center and Server
This High severity Prototype Pollution vulnerability known as CVE-2020-8203 was introduced in 10.3.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H allows an unauthenticated attacker to take...
EUVD-2019-6979
Malware in sbrugna...
CVE-2025-8203
A vulnerability classified as critical has been found in Jingmen Zeyou Large File Upload Control up to 6.3. Affected is an unknown function of the file /index.jsp. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
Oracle Linux 9 : thunderbird (ELSA-2025-8203)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-8203 advisory. 128.10.1-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 128.10.1 - Add OpenELA debranding 128.10.1-1 - Update to 128.10.1 Tenable ha...
CVE-2019-8203
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2024-40992 RDMA/rxe: Fix responder length checking for UD request packets
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...
Malicious code in wlwz-2312-8203 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6157f55472c57f53d1d451afa02655698597f9535be7021e5e9f9b0552863e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-912 Malicious code in wlwz-2312-8203 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6157f55472c57f53d1d451afa02655698597f9535be7021e5e9f9b0552863e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2019-8203
creationtimestamp| type| source ---|---|--- 2024-01-16 19:12:17+00:00| seen| https://t.me/ctinow/168956...
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data Version is affected by multiple vulnerabilties
Summary Mutiple open source vulnerabilties affects Watson Machine Learning Accelerator on Cloud Pak for Data Version 2.3.3 and have been addressed in version 2.3.4. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caused ...
Security Bulletin: Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center [CVE-2020-28500, CVE-2020-8203, CVE-2019-1010266, CVE-2019-10744, CVE-2021-23337 and CVE-2018-16487]
Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-9281 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203
Description Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203 Proof of Concept 1 Go to https://localhost/Cockpit/modules/App/assets/vendor/lodash.js?ver=2.3.9-1676855050 and note that lodash version is 4.17.15 2 Go to https://localhost/Cockpit/ 3 Open Web Devloper tools Ctrl+Shift+I usin...
Security Bulletin: CVE-2020-8203
Summary Prototype pollution attack when using .zipObjectDeep in lodash before 4.17.20. Vulnerability Details CVEID: CVE-2020-8203 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability usi...
CVE-2020-8203
creationtimestamp| type| source ---|---|--- 2022-07-04 18:20:38+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/1478 2023-12-10 14:09:17+00:00| seen| https://t.me/arpsyndicate/1632 2023-12-18 08:43:58+00:00| seen| https://t.me/arpsyndicate/1949 2026-01-20 13:55:09+00:00|...
Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)
Summary lodash is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes lodash v4.17.21. Vulnerability Details CVEID: CVE-2019-1010266 DESCRIPTION: Lodash is vulnerable to a denial of service, caused by uncontrolled resource consumption in Date handler. By...