7 matches found
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other...
Interpretation Conflict
Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters, causing the host ...
CVE-2025-59162
color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...
CVE-2025-59162 [email protected] contains malware after npm account takeover
color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the account creation process. An attacker can manipulate the session of a logged-in administrator to create a new account with elevated privileges by tricking the administrator into interacting with a...
PT-2023-20191 · Apache · Apache Dolphinscheduler
Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.0.0 through 3.1.1 Description: The issue concerns improper authentication in Apache DolphinScheduler's python gateway, allowing an attacker to use a socket bytes attack without authentication. This has been...
PT-2020-19376 · WordPress · Learndash Lms
Name of the Vulnerable Software and Affected Versions: LearnDash LMS plugin versions prior to 3.1.2 Description: The issue allows for XSS via the ld-profile search field. Recommendations: For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue...