9 matches found
HedgeDoc Cross-Site Request Forgery Vulnerability
HedgeDoc is a JavaScript-based real-time editing and sharing platform for Markdown documents from the HedgeDoc team. A cross-site request forgery vulnerability exists in HedgeDoc versions prior to 1.10.4, which stems from a lack of CSRF protection in the OAuth2 endpoint and could lead to cross-si...
CVE-2025-57330
The web3-core-subscriptions package is designed to manage web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
SurveyJS Form Library Security Vulnerability
SurveyJS Form Library is a free client-side component of SurveyJS open source using the MIT license. A security vulnerability exists in SurveyJS Form Library versions prior to 1.10.4 that stems from allowing cross-site scripting attacks via the imageLink attribute...
PT-2024-26860 · Unknown · Surveyjs Form Library
Name of the Vulnerable Software and Affected Versions: SurveyJS Form Library versions prior to 1.10.4. Description: The issue allows for contentMode=youtube XSS via the imageLink property in the question_image.ts file. This can lead to a potential XSS attack when the contentMode is set to youtube...
SUSE CVE-2013-7112
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet...
Alpine Security Vulnerability
Alpine is an email program. A security vulnerability exists in versions of Alpine prior to 1.10.4, which stems from a vulnerability that allows bypassing URL access filters...
WordPress Geo Mashup Plugin Design Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it lets users set up a personal blog site on a server that supports PHP and MySQL. Geo Mashup is one of its plug-ins, which can save location information for posts, pages and other items and generate...
DEBIAN-CVE-2018-6519
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...
UBUNTU-CVE-2013-7112
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet...