7821 matches found
EyouCms Cross-Site Scripting Vulnerability
Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China Zanzan Network Technology. A cross-site scripting vulnerability exists in EyouCms v1.6.3, which stems from a stored cross-site scripting (XSS) vulnerability in the custom variables...
CVE-2023-36827
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version 2.15.1, allowing...
Path traversal
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version 2.15.1, allowing...
PYSEC-2023-107
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version 2.15.1, allowing...
CVE-2023-36827 Fides vulnerable to Path Traversal in Webserver API
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version 2.15.1, allowing...
Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone
Secrets are meant to be hidden or, at the very least, only known to a specific and limited set of individuals or systems. Otherwise, they aren't really secrets. In personal life, a secret revealed can damage relationships, lead to social stigma, or, at the very least, be embarrassing. In a...
CVE-2023-29145
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger...
SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2023:2669-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2669-1 advisory. Update to version 18.16.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). ...
Dell BIOS Input Validation Error Vulnerability (CNVD-2025-02576)
Dell BIOS is embedded software on a small memory chip on the motherboard of a computer from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker exploiting this vulnerability could modify UEFI variables...
Dell BIOS Input Validation Error Vulnerability (CNVD-2025-02577)
Dell BIOS is embedded software on a small memory chip on the motherboard of a computer from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit the vulnerability to modify UEFI variables...
Improper Input Validation
gitlab is vulnerable to Improper Input Validation. The vulnerability allows a malicious attacker to steal environment variables through the :sendmail delivery method via maliciously crafted email addresses...
PT-2023-15713 · Google · Widevine Trusted Application
Name of the Vulnerable Software and Affected Versions: Widevine Trusted Application (TA) versions 5.0.0 through 5.1.1. Description: The issue is related to an integer overflow and resultant buffer overflow in the drm_verify_keys function, specifically with the total_len+file_name_len calculation. Th...
MAL-2023-215 Malicious code in criteo-static-variables-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 65ae832c9a084b0c39c57bf3bb68ff1877e5f1370b9c29e564368e0a2d224d9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-35931
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...
Code injection
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...
CVE-2023-35931
CVE-2023-35931 affects the JavaScript library shescape. The vulnerability exists in the shell-escape logic, specifically the interpolation path in the internal function (escapeArgForInterpolation) used when the interpolation option is enabled with Windows CMD, which can allow an attacker to read...
CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...
Information Disclosure
shescape is vulnerable to Information Disclosure. The vulnerability exists in the escapeArgForInterpolation function in cmd.js because the command string is not properly sanitized, which allows an attacker to gain access to potentially sensitive environment variables...