360 matches found

RedhatCVE
added 2025/04/05 12:38 p.m., 14 views

CVE-2024-9416

The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions <= 5.0.36 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 6, EPSS 0.0028
Exploits 0, References 1
CNNVD
added 2025/04/04 12:00 a.m., 2 views

expand-object security vulnerability

expand-object is a library by Jon Schlinkert, an individual developer, that uses simple symbols to expand strings into JavaScript objects. A security vulnerability exists in expand-object that stems from prototype pollution in the expand function...

CVSS 7.3, AI score 6.5, EPSS 0.00313
Exploits 0, References 3
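As an added illustration of the prototype pollution class named in the expand-object entry above (this is not expand-object's code; the expander below is a hypothetical minimal path expander of the same general shape), the following shows how an untrusted key path such as `__proto__.isAdmin` reaches `Object.prototype`, next to a hardened variant that refuses reserved keys and only descends into own properties:

```javascript
// Hypothetical minimal path expander: "a.b.c=1" -> {a:{b:{c:"1"}}}.
// It mirrors the general shape of such helpers; it is NOT expand-object's code.
function expandUnsafe(target, expr) {
  const [path, value] = expr.split("=");
  const keys = path.split(".");
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    // Inherited properties are reachable here: "__proto__" resolves to
    // Object.prototype, which is an object, so it is descended into.
    if (typeof cur[keys[i]] !== "object" || cur[keys[i]] === null) {
      cur[keys[i]] = {};
    }
    cur = cur[keys[i]];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Hardened variant: reserved keys are refused outright, and only own,
// non-null object properties are descended into.
const RESERVED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function expandSafe(target, expr) {
  const eq = expr.indexOf("=");
  const path = eq === -1 ? expr : expr.slice(0, eq);
  const value = eq === -1 ? true : expr.slice(eq + 1);
  const keys = path.split(".");
  for (const k of keys) {
    if (RESERVED_KEYS.has(k)) {
      throw new Error(`refusing to set reserved key ${JSON.stringify(k)}`);
    }
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== "object" || cur[k] === null) {
      cur[k] = {};
    }
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Runs one expander on a constructed malicious expression and reports whether
// a fresh, unrelated object afterwards inherits the attacker's key.
// Object.prototype is restored so the check can be repeated.
function pollutesPrototype(expander) {
  const marker = "isAdmin";
  const before = Object.prototype.hasOwnProperty.call(Object.prototype, marker);
  try {
    expander({}, `__proto__.${marker}=true`);
  } catch (e) {
    // expandSafe throws here; that is the intended outcome
  }
  const polluted = ({})[marker] !== undefined;
  delete Object.prototype[marker];
  return !before && polluted;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe pollutes prototype:", pollutesPrototype(expandUnsafe)); // true
  console.log("safe pollutes prototype:  ", pollutesPrototype(expandSafe));   // false
  console.log("normal expansion:", JSON.stringify(expandSafe({}, "a.b.c=1")));
}
```

The own-property check matters as much as the key denylist: without it, a key like `constructor` that happens to be inherited would still be followed into shared objects.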
Vulnrichment
added 2025/04/03 12:22 p.m., 11 views

CVE-2024-9416 Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library

The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions <= 5.0.36 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 5.9, EPSS 0.0028
Exploits 0, References 2
Tenable Nessus
added 2025/03/05 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-28243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using...

CVSS 6.5, AI score 6.4, EPSS 0.00477
Exploits 0, References 2
Tenable Nessus
added 2025/03/05 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-28244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using...

CVSS 6.5, AI score 6.7, EPSS 0.00179
Exploits 0, References 2
Tenable Nessus
added 2025/03/05 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-28246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain...

CVSS 5.5, AI score 5.7, EPSS 0.00056
Exploits 0, References 2
RedhatCVE
added 2025/01/18 1:20 a.m., 11 views

CVE-2025-23207

A flaw was found in the KaTeX library. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript or generates invalid HTML. Mitigation: users unable to upgrade should turn off the trust option or set ...

CVSS 6.3, AI score 6.1, EPSS 0.00038
Exploits 0, References 5
OSV
added 2025/01/17 9:25 p.m., 10 views

CVE-2025-23207 \htmlData does not validate attribute names in KaTeX

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

CVSS 6.3, AI score 6.4, EPSS 0.00038
Exploits 0, References 4
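The two KaTeX entries above describe the same defect: `\htmlData` copies attribute names into the output without validating them. The following is an added example, not KaTeX's source, that models the HTML emission step for `\htmlData{key=value,...}{body}` in a vulnerable and a hardened form, and expresses the advisory's mitigation as a `trust` callback. The argument parser, the attribute-name regex and the function names are this example's own assumptions; the only KaTeX fact relied on is that a `trust` function receives a context object with a `command` field.

```javascript
// Added example modelling the HTML emission behind \htmlData{k=v,...}{body}:
// every key becomes a data-* attribute. Parser, regex and function names are
// this example's assumptions, not KaTeX's source.

function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// "key=value,key2=value2" -> [[key, value], ...] (constructed for this example)
function parseHtmlDataArg(arg) {
  return arg.split(",").map((pair) => {
    const i = pair.indexOf("=");
    return i === -1
      ? [pair.trim(), ""]
      : [pair.slice(0, i).trim(), pair.slice(i + 1).trim()];
  });
}

// Vulnerable shape: values are escaped, but the attribute NAME is copied
// verbatim, so a name containing whitespace smuggles in extra attributes.
function renderHtmlDataUnsafe(arg, body) {
  const attrs = parseHtmlDataArg(arg)
    .map(([k, v]) => `data-${k}="${escapeHtml(v)}"`)
    .join(" ");
  return `<span ${attrs}>${escapeHtml(body)}</span>`;
}

// Hardened shape: attribute names must match a conservative allowlist
// (assumed pattern: a leading letter, then letters, digits, "_", "-", ".").
const DATA_ATTR_NAME = /^[a-zA-Z][a-zA-Z0-9_.-]*$/;

function renderHtmlDataSafe(arg, body) {
  const attrs = parseHtmlDataArg(arg)
    .map(([k, v]) => {
      if (!DATA_ATTR_NAME.test(k)) {
        throw new Error(`invalid data attribute name ${JSON.stringify(k)}`);
      }
      return `data-${k}="${escapeHtml(v)}"`;
    })
    .join(" ");
  return `<span ${attrs}>${escapeHtml(body)}</span>`;
}

// Crude detector used in the demo: is there an attribute whose name starts
// with "on" (an inline event handler) in the rendered markup?
function containsEventHandler(html) {
  return /\son[a-z]+\s*=/i.test(html);
}

// The advisory's mitigation as a `trust` callback: KaTeX passes the callback
// a context object whose `command` field names the macro being trusted.
// Returning false refuses \htmlData; returning true for everything else is
// only for this demo, a real policy would be stricter.
function trustPolicy(context) {
  if (context.command === "\\htmlData") return false;
  return true;
}

// Constructed malicious input: the "key" carries an onmouseover attribute.
const MALICIOUS_ARG = "foo onmouseover=alert(1)";

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderHtmlDataUnsafe(MALICIOUS_ARG, "x"));
  // <span data-foo onmouseover="alert(1)">x</span>
  try {
    renderHtmlDataSafe(MALICIOUS_ARG, "x");
  } catch (e) {
    console.log("rejected:", e.message);
  }
}
```

Note that escaping the attribute value is not enough: the break-out happens in the name position, where the `=` inside the attacker's string is interpreted by the parser rather than by the renderer.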
Redos
added 2024/12/09 12:00 a.m., 5 views

ROS-20241209-04

A vulnerability in DOMPurify, a JavaScript library for sanitizing HTML, is related to flaws in the validation of input data containing signs of an XSS attack. Exploitation of the vulnerability could allow a remote attacker to perform a cross-site scripting attack...

CVSS 10, AI score 6.2, EPSS 0.00699
Exploits 2
OSV
added 2024/12/04 6:09 p.m., 9 views

GHSA-JCXM-7WVP-G6P5 Modified package published to npm, containing malware that exfiltrates private key material

Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from...

CVSS 8.3, AI score 6, EPSS 0.00329
Exploits 0, References 4
NVD
added 2024/12/04 4:15 p.m., 17 views

CVE-2024-54134

A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...

CVSS 8.3, EPSS 0.00329
Exploits 0, References 1
OSV
added 2024/10/26 9:15 p.m., 0 views

CVE-2020-26306

Knwl.js is a JavaScript library that parses text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are...

CVSS 8.7, AI score 5.8
Exploits 0, References 2
OSV
added 2024/10/17 10:15 p.m., 11 views

CVE-2024-30875

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component...

CVSS 7.1, AI score 6.8, EPSS 0.19752
Exploits 0, References 2
OSV
added 2024/10/15 2:15 p.m., 0 views

UBUNTU-CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and the order of the elliptic curve's base point is smaller than the hash, because of a truncateToN anomaly. This leads to...

CVSS 4.8, AI score 6.6, EPSS 0.00162
Exploits 1, References 4
Redos
added 2024/09/19 12:00 a.m., 12 views

ROS-20240918-16

A vulnerability in the deserialize function of the Jwcrypto JavaScript library is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by transmitting a specially...

CVSS 6.8, AI score 6.6, EPSS 0.00381
Exploits 1
IBM Security Bulletins
added 2024/09/17 8:58 a.m., 20 views

Security Bulletin: A vulnerability in JavaScript affects IBM License Metric Tool v9 (CVE-2024-39338).

Summary: There is a vulnerability in the JavaScript library Axios that is used by IBM License Metric Tool. Vulnerability Details: CVEID: CVE-2024-39338. DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw where requests for path-relative URLs get processed as protocol-relativ...

CVSS 7.5, AI score 7.3, EPSS 0.02199
Exploits 1, Affected Software 1
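To make the Axios SSRF mechanism above concrete, here is an added example (not Axios's source) that reconstructs the two ways a requested URL can be classified as "absolute" and therefore allowed to bypass `baseURL`: a loose rule under which a bare `//host/path` (protocol-relative) counts as absolute, and a strict rule that requires an explicit scheme. It also adds an origin check that does not depend on which classifier is in use. The regexes, the join function and the `https://api.internal` base are this example's own reconstruction and constructed data.

```javascript
// Added example (not Axios's code). Regexes and helper names are this
// example's reconstruction of the behaviour the advisory describes.

// Loose rule: anything starting with "//" counts as absolute, so a
// protocol-relative path supplied by a user escapes baseURL.
function isAbsoluteURLLoose(url) {
  return /^([a-z][a-z\d+\-.]*:)?\/\//i.test(url);
}

// Strict rule: only a URL with an explicit scheme is absolute.
function isAbsoluteURLStrict(url) {
  return /^[a-z][a-z\d+\-.]*:\/\//i.test(url);
}

// Joins baseURL and a relative path with exactly one "/" between them;
// leading slashes on the relative part are dropped, so it stays a path.
function combineURLs(baseURL, relativeURL) {
  return relativeURL
    ? baseURL.replace(/\/?\/$/, "") + "/" + relativeURL.replace(/^\/+/, "")
    : baseURL;
}

// Full request URL for a baseURL plus a user-influenced path, under a
// given absolute-URL classifier.
function buildFullPath(baseURL, requestedURL, isAbsolute) {
  if (baseURL && !isAbsolute(requestedURL)) {
    return combineURLs(baseURL, requestedURL);
  }
  return requestedURL;
}

// Defence in depth independent of the classifier: resolve the final URL with
// the WHATWG parser and insist its origin is still baseURL's origin. The
// default classifier is deliberately the loose one, to show the guard holds
// even when classification is wrong.
function resolveSameOrigin(baseURL, requestedURL, isAbsolute = isAbsoluteURLLoose) {
  const base = new URL(baseURL);
  const full = new URL(buildFullPath(baseURL, requestedURL, isAbsolute), base);
  if (full.origin !== base.origin) {
    throw new Error(`refusing cross-origin request to ${full.origin}`);
  }
  return full.href;
}

const BASE = "https://api.internal"; // constructed internal API base

if (typeof require !== "undefined" && require.main === module) {
  const p = "//attacker.example/steal"; // constructed user-controlled path
  console.log("loose :", buildFullPath(BASE, p, isAbsoluteURLLoose));  // //attacker.example/steal
  console.log("strict:", buildFullPath(BASE, p, isAbsoluteURLStrict)); // https://api.internal/attacker.example/steal
  console.log(resolveSameOrigin(BASE, "/users/1"));                     // https://api.internal/users/1
  try {
    resolveSameOrigin(BASE, p);
  } catch (e) {
    console.log("blocked:", e.message);
  }
}
```

The origin comparison is the check to keep regardless of library version: it catches any future classifier slip, and it is where an allowlist of permitted hosts would go if the service legitimately talks to more than one origin.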
OSV
added 2024/08/06 2:16 p.m., 0 views

CVE-2024-41910

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used...

CVSS 6.1, AI score 5.7
Exploits 0, References 1
OSSF Malicious Packages
added 2024/06/25 12:22 p.m., 2 views

Malicious code in @store-sfdcbt-net/cicd_gulp-central-js-lib-v1 (npm)


AI score 7
Exploits 0
vulnersOsv
added 2024/06/10 9:38 p.m., 1 views

-temp-electron-manager-somiibo (=0.0.200), 0.extends.wechat (>=1.0.51 <=1.0.65) +18915 more potentially affected by CVE-2024-37168 via @grpc/grpc-js (>=0.1.0 <=1.8.21)

@grpc/grpc-js npm versions >=0.1.0 <=1.8.21, plus dependent packages such as 84447xe5t8 1.0.0 and more. Source CVE: CVE-2024-37168. Source advisory: OSV:GHSA-7V5V-9H63-CJ86...

CVSS 5.3, AI score 6.2, EPSS 0.00283
Exploits 0
OSV
added 2024/06/05 1:28 p.m., 10 views

GHSA-JMH9-6RJQ-GJH9 Vulnerable embedded jQuery Version

Summary: PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site scripting (XSS). Details: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of...

AI score 7
Exploits 0, References 2
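The jQuery entry above turns on how jQuery's DOM manipulation methods rewrote HTML before 3.5.0. As an added example (not jQuery's code), the block below reconstructs the pre-3.5.0 `htmlPrefilter` rule, which expanded self-closing tags such as `<x/>` into `<x></x>` with a regular expression, next to the 3.5.0 behaviour of leaving the input untouched, and uses a small quote-aware start-tag scanner to show that the rewrite closes a quoted attribute early and releases markup that was previously inert inside it. The regex is this example's reconstruction and the payload is constructed for the demonstration.

```javascript
// Added example, not jQuery's code: reproduces the pre-3.5.0 htmlPrefilter
// rewrite (self-closing tags expanded by regex) beside the 3.5.0 behaviour
// (no rewriting) and shows how the rewrite breaks a quoted attribute open.

// Pre-3.5.0 shape of the rewrite: "<tag .../>" becomes "<tag ...></tag>"
// for every tag except the listed void elements. Regex reconstructed here.
const RX_SELF_CLOSING =
  /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

function htmlPrefilterOld(html) {
  return html.replace(RX_SELF_CLOSING, "<$1></$2>");
}

// 3.5.0 behaviour: the input passes through unchanged.
function htmlPrefilterNew(html) {
  return html;
}

// Minimal quote-aware start-tag scanner, used only to show how the string
// will be tokenised: quoted attribute values are consumed as a unit, so a
// "<" inside a quoted value does not begin a new tag.
function startTags(html) {
  const rx = /<[a-z][^"'>]*(?:(?:"[^"]*"|'[^']*')[^"'>]*)*>/gi;
  return html.match(rx) || [];
}

// Constructed input: the second <img> sits entirely inside the title
// attribute of the first, so on its own it is plain attribute text.
const PAYLOAD = '<img alt="<x" title="/><img src=url404 onerror=xss()>">';

if (typeof require !== "undefined" && require.main === module) {
  console.log(startTags(htmlPrefilterNew(PAYLOAD)));
  // one tag: the whole string
  console.log(startTags(htmlPrefilterOld(PAYLOAD)));
  // two tags: '<img alt="<x" title="></x">' and '<img src=url404 onerror=xss()>'
}
```

The rewrite matches `<x" title="/>` because the reconstructed tag-name class admits a double quote, so the replacement injects `></x">` in the middle of the `title` value; everything after that is parsed as new markup, which is why sanitizing the input before handing it to jQuery did not help.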