Lucene search
K

7 matches found

Snyk
Snyk
added 2026/05/14 4:19 p.m.17 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other...

7.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 12:26 p.m.11 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters, causing the host ...

8.7CVSS5.8AI score0.00475EPSS
Exploits0References2
NVD
NVD
added 2025/09/15 8:15 p.m.8 views

CVE-2025-59162

color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...

8.8CVSS0.00378EPSS
Exploits0References5
OSV
OSV
added 2025/09/15 7:16 p.m.5 views

CVE-2025-59162 [email protected] contains malware after npm account takeover

color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...

8.8CVSS6.9AI score0.00378EPSS
Exploits0References7
Snyk
Snyk
added 2025/02/21 10:48 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the account creation process. An attacker can manipulate the session of a logged-in administrator to create a new account with elevated privileges by tricking the administrator into interacting with a...

5.9CVSS7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/20 12:0 a.m.11 views

PT-2023-20191 · Apache · Apache Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.0.0 through 3.1.1 Description: The issue concerns improper authentication in Apache DolphinScheduler's python gateway, allowing an attacker to use a socket bytes attack without authentication. This has been...

4.3CVSS4.5AI score0.01127EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2020/01/16 12:0 a.m.9 views

PT-2020-19376 · WordPress · Learndash Lms

Name of the Vulnerable Software and Affected Versions: LearnDash LMS plugin versions prior to 3.1.2 Description: The issue allows for XSS via the ld-profile search field. Recommendations: For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue...

5.4CVSS5.4AI score0.03458EPSS
Exploits6References8
Rows per page
Query Builder