
6 matches found

Veracode
added 2026/04/29 9:39 a.m., 14 views

Cache Poisoning

Spring MVC and WebFlux are vulnerable to Cache Poisoning. The vulnerability is due to improper handling of encoded resource resolution when resource chain caching is enabled, allowing attackers to store incorrectly encoded resources in the cache, which can break frontend asset delivery and lead t...

3.1 CVSS, 5.2 AI score, 0.00236 EPSS
Exploits: 0, References: 4, Affected Software: 2
Snyk
added 2026/04/17 1:37 a.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the asset delivery process. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a crafted HTML or SVG file as an asset, which is then rendered by a victim's...

8.7 CVSS, 5.5 AI score, 0.00309 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/04/17 12:0 a.m., 9 views

Note Mark Security Vulnerability

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.1 contained security vulnerabilities. These vulnerabilities stemmed from the asset delivery handler’s inline handling of uploaded files and its reliance on magic bytes to detect...

8.7 CVSS, 5.8 AI score, 0.00309 EPSS
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/03/17 3:9 a.m., 7 views

Malicious code in asset-delivery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff566136dd4e76e6bc8da12a23345712a57b375d3d0586ee36922cc0ffbbf880 The package asset-delivery was found to contain malicious code. Source: ghsa-malware ce9daf86327543018f44899bd8967bf2b927d6f1d9267b6726281b5ea0765868...

5.7 AI score
Exploits: 0, References: 1
Snyk
added 2026/03/17 3:9 a.m., 2 views

Malicious Package

Overview: asset-delivery is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/03/17 3:9 a.m., 2 views

MAL-2026-1489 Malicious code in asset-delivery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff566136dd4e76e6bc8da12a23345712a57b375d3d0586ee36922cc0ffbbf880 The package asset-delivery was found to contain malicious code. Source: ghsa-malware ce9daf86327543018f44899bd8967bf2b927d6f1d9267b6726281b5ea0765868...

5.7 AI score
Exploits: 0, References: 1