Lucene search
K

4 matches found

Snyk
Snyk
added 2026/02/08 1:52 a.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the privateexports process. An attacker can access another user's private data exports by exploiting UUID collisions that occur when the UUID is converted to an integer, causing files...

8.2CVSS5.6AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2024/07/10 3:10 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...

6.9CVSS6.9AI score0.00492EPSS
Exploits0References2
Snyk
Snyk
added 2024/02/20 6:45 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...

6.3CVSS6.4AI score0.00493EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2020/09/01 3:29 p.m.4 views

@corex/argon-theme (>=1.1.1 <=1.1.33), @creative-tim-official/argon-dashboard-free (=1.2.0) +14 more potentially affected by CVE-2016-1000227 via bootstrap-tagsinput (=0.7.1)

bootstrap-tagsinput NPM version =0.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap-tagsinput and may be impacted: - @corex/argon-theme =1.1.1, =0.27.0, =0.0.1, =0.1.0, =3.0.0, =1.2.0, =0.1.0, =0.2.0, =0.1.1, =1.2.6, =1.4.0, =0.1.89, =0.2....

5.8AI score0.0067EPSS
Exploits0
Rows per page
Query Builder