86 matches found
SQLite report about CVE-2023-7104
This is a bug in the session extension of SQLite, not in the SQLite core. This bug is only reachable by applications that recompile SQLite using the -DSQLITE_ENABLE_SESSION compile-time option and then use the Session C-language APIs to process a changeset that has been subtly corrupted by an...
PT-2025-49747
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s overlay functionality where a call to of_changeset_init occurs prematurely. Specifically, if of_overlay_fdt_apply fails, a partial state may remain,...
Changeset vulnerable to prototype pollution
Overview: Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution. Details: The npm module 'changeset' can be abused through a prototype pollution vulnerability since the function 'apply' does not che...
@dependable/session (=0.7.0), angularjs-lively (=0.0.1) +18 more potentially affected by CVE-2021-25915 via changeset (>=0.0.5 <=0.2.1)
changeset NPM version =0.0.5, =0.2.0, =1.0.1, =0.0.4, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.10, =2.0.0, =1.0.0, =1.0.3 - observable-delta-stream =0.1.0 and more Source cves: CVE-2021-25915 Source advisory: OSV:GHSA-2GQW-Q9R9-7F79...
GHSA-2GQW-Q9R9-7F79 Changeset vulnerable to prototype pollution
Overview: Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution. Details: The npm module 'changeset' can be abused through a prototype pollution vulnerability since the function 'apply' does not che...
Stored XSS vulnerability in Jenkins Liquibase Runner Plugin
Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents when showing them on the build page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide Liquibase changesets evaluated by the plugin. Liquibase Runner Plugin 1.4.7 no...
GSD-2021-1002598 btrfs: free exchange changeset on failures
btrfs: free exchange changeset on failures This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.8 by commit...
Prototype Pollution
changeset is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
CVE-2021-25915
Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution...
Remote code execution
Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25915
CVE-2021-25915 affects the npm package changeset (versions 0.0.1–0.2.5). The root cause is a prototype-pollution flaw in the apply() function that allows unvalidated changes to pollute Object prototypes, enabling Denial of Service and potentially Remote Code Execution. Public advisories (GitHub G...
Eugene Ware changeset security vulnerability
Eugene Ware changeset is an open source application by Eugene Ware. It is used to generate diff changesets for JavaScript objects, breaking the diff into a series of put and delete operations. A security vulnerability exists in changeset versions 0.0.1 through 0.2.5 that originates from allowing a...
CVE-2020-36192
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues either marked as Private, or part of a private Project, if they are attached to an existing Changeset. The information is visible on the view.php...
Xen Management Tool DoS (XSA-323)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to a bad path name limit in oxenstored. A malicious guest administrator can exploit this, by creating paths in the guest's own namespace that are too...
WordPress Plugin Google Review Slider 6.1 - tid SQL Injection
WordPress Plugin Google Review Slider 6.1 - tid SQL Injection Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Date: 2019-07-02 Exploit Author: Princy Edward Exploit Author Blog :...
Wordpress Google Review Slider 6.1 Plugin - (tid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendo...