21 matches found
CVE-2026-42042
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy...
CVE-2026-42035
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...
CVE-2026-35467
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials...
EUVD-2026-18554
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials...
CVE-2026-35467
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials...
CVE-2026-35467
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials...
cveClient 安全漏洞
cveClient is an open-source browser-based CVE record management client developed by the CERT Coordination Center CERT/CC. cveClient has a security vulnerability, which stems from the unprotected storage of API keys in the browser client, potentially leading to credential exposure...
Malicious Package
Overview browser-client-neptune is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
MAL-2025-191484 Malicious code in browser-client-neptune (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9ad0cf7ca8faf91e654dc6ceb89ca235f191edc099334e5d8cf1a070bfb128a The package browser-client-neptune was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199881
Malicious code in browser-client-neptune npm...
Malicious code in browser-client-neptune (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9ad0cf7ca8faf91e654dc6ceb89ca235f191edc099334e5d8cf1a070bfb128a The package browser-client-neptune was found to contain malicious code. Source: ghsa-malware...
[SECURITY] Fedora 41 Update: seamonkey-2.53.21-1.fc41
SeaMonkey is an all-in-one Internet application suite previously made popular by Netscape and Mozilla. It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application...
Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - July 2023 - Includes Oracle July 2023 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2023 - Includes Oracle January 2023 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
Security Bulletin: IBM Tivoli Monitoring Portal Browser Client (CVE-2013-0576)
Abstract A potential cross site scripting XSS vulnerability was found using the IBM Tivoli Enterprise Portal browser client. Content VULNERABILITY DETAILS: CVEID:CVE-2013-0576 DESCRIPTION: Cross site scripting XSS vulnerability using Tivoli Enterprise Portal browser client. . CVSS: CVSS Base Scor...
Kraken - A Multi-Platform Distributed Brute-Force Password Cracking System
Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator based cracking across multiple machines both as a web app in a web browser and as a standalone electron based client. Kraken aims to be easy to use, fault tolera...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2021 - Includes Oracle Jan 2021 CPU plus CVE-2020-27221
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for...
Potential security vulnerabilities with JavaTM SDKs
Abstract Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0551, CVE-2012-1713,...