123 matches found

NVD
added 2026/05/27 3:16 p.m., 7 views

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1 CVSS, 0.00032 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/27 2:39 p.m., 3 views

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 1

OSV
added 2026/05/19 8:00 a.m., 3 views

MAL-2026-4164 Malicious code in identitysecuretokenserv (npm)

Source: amazon-inspector 2704e731d0b82aa5927cf3713f741111b03fe8efb2d886cb0ef472a24705c5e3 The package identitysecuretokenserv was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits: 0

Snyk
added 2026/05/06 5:05 p.m., 6 views

Incorrect Authorization

Overview: auth0-js is an Auth0 headless browser SDK. Affected versions of this package are vulnerable to Incorrect Authorization via token validation. An attacker can gain unauthorized access to user profile information by providing a specifically crafted invalid ID token along with a valid access...

6 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/04/06 2:39 p.m., 2 views

CVE-2026-29047 GLPI has an Authenticated SQL Injection via log exports

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...

7.2 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits: 0, References: 1

NVD
added 2026/03/24 7:16 p.m., 1 view

CVE-2026-29772

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...

7.5 CVSS, 0.00026 EPSS
Exploits: 1, References: 1

Atlassian
added 2026/03/06 5:29 a.m., 19 views

File Inclusion node-tar Dependency in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...

8.2 CVSS, 6 AI score, 0.00027 EPSS
Exploits: 1

Vulnrichment
added 2025/12/24 4:52 a.m., 2 views

CVE-2025-66445 Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor Data Center Analytics component and Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view component. This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-0...

7.1 CVSS, 6.6 AI score, 0.00038 EPSS
Exploits: 0, References: 1

NVD
added 2025/12/16 5:16 p.m., 3 views

CVE-2025-59935

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch...

6.5 CVSS, 0.0007 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/12/16 4:34 p.m., 2 views

CVE-2025-59935 GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch...

6.5 CVSS, 6 AI score, 0.0007 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/16 4:34 p.m., 3 views

CVE-2025-59935 GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch...

6.5 CVSS, 6.3 AI score, 0.0007 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/12/16 12:00 a.m., 22 views

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

0.00062 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0501

Malware in sbrugna...

9.1 CVSS, 9 AI score, 0.01085 EPSS
Exploits: 0, References: 15

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-5934

Malware in sbrugna...

4.8 CVSS, 4.9 AI score, 0.00271 EPSS
Exploits: 4, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0917

Malware in sbrugna...

7.2 CVSS, 8 AI score, 0.00452 EPSS
Exploits: 1, References: 40

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-2071

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00287 EPSS
Exploits: 1, References: 11

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-12168

Malicious code in bioql PyPI...

6.5 CVSS, 6.4 AI score, 0.00063 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2025/09/10 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-41941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may...

6.2 CVSS, 6 AI score, 0.00315 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/06/19 12:00 a.m., 1 view

Apache Traffic Server (ATS) Access Control Error Vulnerability

Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation (United States). An access control error vulnerability exists in Apache Traffic Server ATS versions 10.0.0 through 10.0.6 and 9.0.0 through 9.2.10, which stems from an ACL configuration that do...

7.5 CVSS, 6.7 AI score, 0.00753 EPSS
Exploits: 0, References: 3

OSV
added 2025/06/03 2:41 p.m., 8 views

BIT-DRUPAL-2024-11942 Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002

A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10...

5.9 CVSS, 6.6 AI score, 0.01558 EPSS
Exploits: 0, References: 2