21 matches found
JLSEC-2026-106
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush0, libc::TCIFLUSH and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2024-32477
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush0, libc::TCIFLUSH and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...
PT-2025-4810 · Mediawiki · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - OpenBadges Extension versions 1.39.X through 1.39.10 Mediawiki - OpenBadges Extension versions 1.41.X through 1.41.2 Mediawiki - OpenBadges Extension versions 1.42.X through 1.42.1 Description: The issue is related to Improper...
CVE-2025-23079 XSSes in Extension:ArticleFeedbackv5
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Mediawiki - ArticleFeedbackv5 extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - ArticleFeedbackv5 extension: from 1.42.X before 1.42.2...
CVE-2025-23079 XSSes in Extension:ArticleFeedbackv5
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Mediawiki - ArticleFeedbackv5 extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - ArticleFeedbackv5 extension: from 1.42.X before 1.42.2...
PT-2025-4809 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - ArticleFeedbackv5 versions 1.42.X through 1.42.2 Description: The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting XSS. This enables attackers to inject malicious scrip...
GHSA-JXR4-4PRV-MH83 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376
CVE-2024-6376 affects MongoDB Compass prior to 1.42.2. The issue arises from insufficient sandbox protection when using the ejson shell parser in Compass’ connection handling, potentially enabling code injection. Evidence across sources confirms the vulnerability is associated with Compass’ GUI a...
CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
MongoDB Compass Security Vulnerability
MongoDB Compass is a free interactive tool from the US-based MongoDB Inc. for querying, optimizing and analyzing MongoDB data. A security vulnerability previously existed in MongoDB Compass version 1.42.2, which stemmed from a possible bypass of the ejson shell parser...
CVE-2024-32477 Race condition when flushing input stream leads to permission prompt bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush0, libc::TCIFLUSH and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...
Deno 安全漏洞
Deno is open source for a simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. A security vulnerability exists in versions prior to Deno 1.42.2, which stems from a race condition between an ANSI escape sequence and reading standard input,...
PT-2023-9237 · Mongodb · Mongodb Compass
Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions prior to 1.42.2 Description: The issue is related to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling, which may allow attackers to execute malicious code o...
GHSA-CCF4-9HJC-XXC4 Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs
Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credential...
Jenkins Plugin GitHub Pull Request Builder 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin GitHub Pull Request Builder 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...