Incorrect Authorization

Overview @powersync/service-sync-rules is an A library containing logic for PowerSync sync rules. Affected versions of this package are vulnerable to Incorrect Authorization in the stream synchronization with config.edition: 3 and subquery filters are used without partitioning the result set. An...

CVE-2025-67230

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...

ToDesktop Builder security vulnerabilities

ToDesktop Builder is a desktop application building tool developed by ToDesktop Company in Ireland. Version 0.33.0 of ToDesktop Builder contains a security vulnerability. This vulnerability stems from improper permissions granted to the custom URL scheme handler, which may allow attackers to invo...

CVE-2021-28796

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers...

OESA-2024-1930 mpv security update

Mpv is a movie player based on MPlayer and mplayer2. It supports a wide variety of video file formats, audio and video codecs, and subtitle types. Special input URL types are available to read input from a variety of sources other than disk files. Depending on platform, a variety of different vid...

Advisory ROSA-SA-2021-1848

Software: gparted 0.33.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-7208 CVE-Crit: HIGH CVE-DESC: GParted before version 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the created file system label. CVE-STATUS: default CVE-REV: default...

node-mpv formatting string error vulnerability

node-mpv is a Node.js based MPV player module. A security vulnerability exists in mpv version 0.33.0 and earlier versions, which can be exploited by an attacker to achieve code execution via a crafted m3u playlist file...

UBUNTU-CVE-2021-30145

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...

node-mpv 格式化字符串错误漏洞

node-mpv is a Node.js based MPV player module. A security vulnerability exists in mpv version 0.33.0 and earlier versions, which can be exploited by an attacker to achieve code execution via a crafted m3u playlist file...

Cross site scripting

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers...

Getty104 qiita-markdown 跨站脚本漏洞

Getty104 qiita-markdown is Getty104 an open source application . It provides an editor function. A cross-site scripting vulnerability exists in Qiita Markdown before 0.33.0, which originates from transformer...

Tendermint Data Forgery Issue Vulnerability

Tendermint is a Byzantine Fault Tolerant BFT style middleware from Tendermint Inc. in the United States. A data forgery vulnerability exists in Tendermint v0.33.0 and later versions fixed in v0.33.6. The vulnerability arises from a network system or product that does not adequately validate the...