CVE-2021-30358

Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...

CVE-2021-24037

A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

CVE-2021-36503

SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file...

CVE-2024-7487

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification...

CVE-2021-46433

In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCodeto bypass sandbox to execute arbitrary PHP code when disablenativefuncs is true...

CVE-2021-24045

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected...

CVE-2020-1911

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...

CVE-2020-6830

For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for...

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

CVE-2020-12404

For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS 26...

Malicious code in @dailyapy-rn/rn-push-provisioning (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

CVE-2019-19025

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform...

CVE-2019-19023

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform...

CVE-2019-19029

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform...

Malicious code in react-native-scrollpageviewtest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcee80fff21305590dcf04ace763231bdd81fcc2ef72bf8492ed79a60a17cd3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4284 Malicious code in react-native-scrollpageviewtest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcee80fff21305590dcf04ace763231bdd81fcc2ef72bf8492ed79a60a17cd3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Spring Data Ahead of Time Repositories

In the past couple of years we have seen heavy investment throughout the Java ecosystem to reduce application startup times. The main focus gravitates around Ahead-of-Time optimizations. May it be condensing code into a GraalVM native executable, capturing already optimized bytecode with...

CVE-2009-5061

Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service daemon crash by going offline, aka SPR MLZG7UPB9N...