18 matches found
EUVD-2022-4304
Malicious code in bioql PyPI...
EUVD-2022-2954
Malicious code in bioql PyPI...
EUVD-2022-7097
Malicious code in bioql PyPI...
CVE-2022-37602
Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js...
PT-2022-24023 · Unknown · Grunt-Karma +1
Name of the Vulnerable Software and Affected Versions: karma-runner grunt-karma version 4.0.1
Description: The issue is related to a prototype pollution vulnerability in the karma-runner grunt-karma. It occurs via the key variable in grunt-karma.js.
Recommendations: For version 4.0.1, consider...
CVE-2022-37614
Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js...
CVE-2022-37614
Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js...
GHSA-VWHQ-PM3R-FJM9 steal vulnerable to Prototype Pollution via key variable in babel.js
Prototype pollution vulnerability in function extend in babel.js in stealjs steal via the key variable in babel.js...
CVE-2022-37266
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...
CVE-2022-37266
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...
CVE-2022-37266
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...
ThinkPHP SQLi Vulnerability
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...
CVE-2018-18546
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...
SQL injection
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string aka a $key variable...
Design/Logic Flaw
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string aka a $key variable...
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string aka a $key variable...
CVE-2018-5715
SugarCRM 3.5.1 is vulnerable to Cross-Site Scripting via phprint.php due to improper handling of the GET parameter name ($key) in the query string. The root cause is that the $key values are not encoded when constructing the query string, enabling injection of arbitrary JavaScript into the victim...