Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the opencc::MaxMatchSegmentation and Conversion::Convertconst char functions. An attacker can achieve unauthorized access to memory and potentially execute arbitrary code by providing specially crafted inp...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the opencc::MaxMatchSegmentation and Conversion::Convertconst char functions. An attacker can achieve unauthorized access to memory and potentially execute arbitrary code by providing specially crafted inp...

Use of Incorrectly-Resolved Name or Reference

Overview commandkit is a Beginner friendly command & event handler for Discord.js Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference due to the ctx.commandName property exposing the alias used instead of the canonical command name in both middleware...

PT-2025-33654 · Ibm · Ibm Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0 Description: IBM Concert Software is susceptible to a cross-origin resource sharing CORS issue. This configuration allows an attacker to potentially perform privileged actions because the doma...

PT-2024-31594 · Npm · @Blakeembrey/Template

Name of the Vulnerable Software and Affected Versions: @blakeembrey/template versions prior to 1.2.0 Description: The issue allows an attacker to inject and run code within the template if they have access to write the template name. This can be achieved by exploiting the template display name...

PT-2023-24765 · Unknown · Cloudexplorer Lite

Name of the Vulnerable Software and Affected Versions: cloudexplorer-lite versions prior to 1.2.0 Description: The issue is related to weak passwords that can be easily guessed, making them an easy target for brute force attacks. This can lead to an authentication system failure and compromise...

PT-2023-24216 · Rekor +1 · Rekor +1

Name of the Vulnerable Software and Affected Versions: Rekor versions prior to 1.2.0 Description: A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered, resulting in a 500 error message to the client, with minimal...

PT-2022-8063 · Unknown · Moappi Json2Html

Name of the Vulnerable Software and Affected Versions: moappi Json2html versions up to 1.1.x Description: A vulnerability was found in moappi Json2html, which affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated...

Arbitrary Command Execution

Overview Affected versions of this package are vulnerable to Arbitrary Command Execution. An attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

PT-2021-21142 · Unknown · Grpc Swift

Name of the Vulnerable Software and Affected Versions: gRPC Swift versions 1.1.1 and earlier Description: The issue allows remote attackers to cause a denial of service via the delivery of many small messages within a single HTTP/2 frame, leading to uncontrolled recursion and stack consumption...

PT-2021-21143 · Unknown · Grpc Swift

Name of the Vulnerable Software and Affected Versions: gRPC Swift versions 1.1.0 and earlier Description: The issue allows remote attackers to cause uncontrolled resource consumption and deny service due to the allocation of buffers of arbitrary length when parsing messages. This can lead to...

Cross-site Scripting (XSS)

Overview AngularJS.Core is a AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Cross-site Scripting XSS. DOM event handlers await events to occur e.g. onclick, onkeypress, etc and execute arbitrary Javascript code in accordance to the...

Cross-site Scripting (XSS)

Overview angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting XSS. DOM event handlers await events to occur e.g. onclick, onkeypress, etc and execute arbitrary Javascript code in accordance to the event. By default, interpolations inside DOM event handlers are...