Lucene search
K

400 matches found

Vulnrichment
Vulnrichment
added 2024/06/17 12:0 a.m.16 views

CVE-2024-36578

akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js...

6.5AI score0.002EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/17 12:0 a.m.34 views

CVE-2024-36574

A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON flatten-json/index.js:42...

0.0042EPSS
Exploits0References1
Veracode
Veracode
added 2024/05/22 8:13 a.m.28 views

Prototype Pollution

@bit/loader is vulnerable to Prototype Pollution. The vulnerability is due to missing proto property restrictions within the M function's e argument in index.js, which allows an attacker to execute arbitrary code...

8.8CVSS7.4AI score0.00687EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/05/20 6:31 p.m.40 views

GHSA-8VR4-H4RR-8PH6 MiguelCastillo @bit/loader Prototype Pollution issue

A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...

8.8CVSS8.9AI score0.00687EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/20 6:31 p.m.18 views

MiguelCastillo @bit/loader Prototype Pollution issue

A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...

8.8CVSS8AI score0.00687EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/05/20 6:15 p.m.31 views

CVE-2024-24293

A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...

8.8CVSS7.4AI score0.00687EPSS
Exploits0References1
CVE
CVE
added 2024/05/20 5:26 p.m.398 views

CVE-2024-24293

CVE-2024-24293 affects MiguelCastillo @bit/loader (version 10.0.3). The root cause is a prototype pollution flaw in the M function’s e argument within index.js, enabling arbitrary code execution. Exploitation status is not detailed in the provided documents. Remediation guidance from PT-Security ...

8.8CVSS7.7AI score0.00687EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/20 12:0 a.m.6 views

bit-loader 安全漏洞

bit-loader is a framework for building module loaders by the individual developer Miguel Castillo. A security vulnerability exists in bit-loader-babel version v.10.0.3, which originated from a vulnerability that allows an attacker to execute arbitrary code via the M function e parameter in index....

8.8CVSS8.7AI score0.00687EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/05/15 12:25 p.m.56 views

CVE-2024-4067

A flaw was found in the NPM package micromatch where it is vulnerable to a regular expression denial of service ReDoS. The issue occurs in micromatch.braces in index.js because the pattern . will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking t...

7.5CVSS5.1AI score0.01429EPSS
Exploits1References7
NVD
NVD
added 2024/05/14 3:42 p.m.34 views

CVE-2024-4067

The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the pattern . will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...

5.3CVSS5.6AI score0.01429EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2024/05/14 3:42 p.m.36 views

CVE-2024-4067

The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the pattern . will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...

5.3CVSS6.7AI score0.01429EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/05/13 10:4 a.m.73 views

CVE-2024-4067 Regular Expression Denial of Service in micromatch

The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the pattern . will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...

5.3CVSS5.4AI score0.01429EPSS
Exploits1References5
CVE
CVE
added 2024/05/13 10:4 a.m.382 views

CVE-2024-4067

CVE-2024-4067 affects the NPM package micromatch prior to 4.0.8. The vulnerability is in micromatch.braces() in index.js, where the pattern .* can cause extreme backtracking (ReDoS) as input grows, leading to hangs or slowdowns. A fix was merged and the issue is noted as mitigated by upgrading to...

5.3CVSS5.3AI score0.01429EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/05/13 10:4 a.m.42 views

CVE-2024-4067 Regular Expression Denial of Service in micromatch

The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the pattern . will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...

5.3CVSS6.7AI score0.01429EPSS
Exploits1References12
OSV
OSV
added 2024/03/18 6:15 a.m.5 views

CVE-2024-29154

danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText...

7.4CVSS5.8AI score0.00351EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/12/21 11:15 a.m.3 views

CVE-2023-50473

Cross-Site Scripting XSS vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers SID in index.js file...

5.4CVSS6.1AI score0.00387EPSS
Exploits0References3
NVD
NVD
added 2023/12/21 11:15 a.m.24 views

CVE-2023-50473

Cross-Site Scripting XSS vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers SID in index.js file...

5.4CVSS0.00387EPSS
Exploits0References2
Prion
Prion
added 2023/12/21 11:15 a.m.22 views

Cross site scripting

Cross-Site Scripting XSS vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers SID in index.js file...

4.9CVSS5.8AI score0.00387EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/21 12:0 a.m.23 views

CVE-2023-50473

Cross-Site Scripting XSS vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers SID in index.js file...

5.5AI score0.00387EPSS
Exploits0References2
CVE
CVE
added 2023/12/21 12:0 a.m.45 views

CVE-2023-50473

CVE-2023-50473 affects bill-ahmed qbit-matUI v1.16.4. The issue is a Cross-Site Scripting (XSS) vulnerability that allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file. Connected sources also indicate a remediation path: update to a newe...

5.4CVSS5.3AI score0.00387EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder