EUVD-2021-0508

Malware in sbrugna...

EUVD-2024-50040

Malicious code in bioql PyPI...

EUVD-2022-6329

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-31147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular...

CVE-2022-2144

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...

Linux Distros Unpatched Vulnerability : CVE-2021-21252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package jquery-validation. jquery-validation before...

BIT-APISIX-2022-25757 Apache APISIX: the body_schema check in request-validation plugin can be bypassed

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the bodyschema validation in the request-validation plugin. For example,...

The vulnerability of the url2 method in the jQuery Validation Plugin allows a violator to trigger a service failure.

The vulnerability of the url2 method in the jQuery Validation Plugin involves incorrect handling of regular expressions. Exploiting this vulnerability could allow an attacker to cause a service failure...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-21252

Summary There is a vulnerability CVE-2021-21252 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-21252 DESCRIPTION: jQuery Validation Plugin is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw when validating...

CVE-2022-31147

The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...

UBUNTU-CVE-2022-31147

The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...

Input validation

The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...

CVE-2022-31147

The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...

CVE-2022-31147

The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...

CVE-2022-31147

The vulnerability CVE-2022-31147 affects the jquery-validation plugin (npm/package jquery-validation). Versions prior to 1.19.5 are vulnerable to a Regular Expression Denial of Service (ReDoS) in the url2 method, due to an incomplete fix for CVE-2021-43306. Impact is a potential DoS; no exploit d...

Apache APISIX < 2.13.0 Input Validation

The version of Apache APISIX installed on the remote host is prior to 2.13.0. It is, therefore, potentially affected by an input validation vulnerability. When decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, t...

PT-2022-17492 · Apache · Apache Apisix

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions prior to 2.13.0 Description: The issue allows an attacker to bypass body schema validation in the request-validation plugin by passing a JSON with a duplicate key. This can be achieved by sending a JSON payload such as...

Apache Apisix 输入验证错误漏洞

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation. The software is based on OpenResty and etcd, with dynamic routing and plugin hot-loading for API management in microservices systems. An attacker could use this vulnerability to bypass the bodyschema...

CVE-2022-0229 miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog,...

CVE-2021-21252

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS Regular Expression Denial of Service. This is fixe...