20 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-5525

Malicious code in bioql PyPI...

CVSS 5.1, AI score 6.4, EPSS 0.00238
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-2497

Malicious code in bioql PyPI...

CVSS 6.4, AI score 6.9, EPSS 0.00897
Exploits: 1, References: 7
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-5527

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.5, EPSS 0.00571
Exploits: 1, References: 3
IBM Security Bulletins
added 2025/08/18 7:26 p.m., 29 views

Security Bulletin: Carbon design system packages

Summary: Various packages are vulnerable to multiple CVEs and can be resolved by updating to [email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected]....

CVSS 9.8, AI score 8, EPSS 0.03299
Exploits: 6, Affected Software: 1
Veracode
added 2025/07/08 3:39 a.m., 4 views

DOM Clobbering

tarteaucitron.js is vulnerable to DOM Clobbering. The vulnerability is due to accessing document.currentScript without verifying it references a valid...

CVSS 4.2, AI score 6.1, EPSS 0.00176
Exploits: 1, References: 3, Affected Software: 1
Github Security Blog
added 2025/03/03 6:31 p.m., 13 views

tsup DOM Clobbering vulnerability

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

CVSS 5.1, AI score 7.9, EPSS 0.00238
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2025/03/03 6:31 p.m., 6 views

GHSA-3MV9-4H5G-VHG3 tsup DOM Clobbering vulnerability

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

CVSS 5.3, AI score 7.3, EPSS 0.00238
Exploits: 1, References: 3
NVD
added 2025/03/03 5:15 p.m., 7 views

CVE-2024-53388

A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element...

CVSS 8.8, EPSS 0.00571
Exploits: 1, References: 1
OSV
added 2025/03/03 5:15 p.m., 4 views

CVE-2024-53387

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element...

CVSS 8.8, AI score 7
Exploits: 0, References: 1
Cvelist
added 2025/03/03 12:0 a.m., 12 views

CVE-2024-53387

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element...

EPSS 0.00571
Exploits: 1, References: 1
Vulnrichment
added 2025/03/03 12:0 a.m., 5 views

CVE-2024-53388

A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element...

AI score 7.2, EPSS 0.00571
Exploits: 1, References: 1
Vulnrichment
added 2025/03/03 12:0 a.m., 6 views

CVE-2024-53387

A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element...

AI score 7.2, EPSS 0.00571
Exploits: 1, References: 1
CVE
added 2025/03/03 12:0 a.m., 46 views

CVE-2024-53388

The CVE-2024-53388 entry describes a DOM Clobbering vulnerability in the Mavo project, specifically version v0.3.2, where an attacker can cause arbitrary code execution by supplying a crafted HTML element. This is corroborated across multiple connected records (Red Hat, GitHub GHSA advisory, OSV,...

CVSS 8.8, AI score 7.6, EPSS 0.00571
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2025/03/03 12:0 a.m., 50 views

CVE-2024-53387

CVE-2024-53387 affects umeditor v1.2.3 and is described as a DOM Clobbering vulnerability that allows arbitrary code execution via a crafted HTML element. The root cause is a DOM clobber issue in the editor component; exploitation requires user interaction (per CVSS vector). Impact is high (C/H/I...

CVSS 8.8, AI score 7.6, EPSS 0.00571
Exploits: 1, References: 1, Affected Software: 1
RedHat Linux
added 2024/10/22 1:5 a.m., 35 views

Important: Red Hat Security Advisory: Network Observability 1.7.0 for OpenShift

Network Observability 1.7 for Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5, AI score 6.9, EPSS 0.01414
Exploits: 3, References: 38
RedHat Linux
added 2024/10/07 1:12 a.m., 23 views

Moderate: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.3, AI score 6.7, EPSS 0.00897
Exploits: 1, References: 3
Veracode
added 2024/09/04 2:26 p.m., 4 views

DOM Clobbering

pagefind is vulnerable to DOM Clobbering. The vulnerability is caused due to a missing validation and sanitization where it is possible to clobber the look up document.currentScript.src. This will cause document.currentScript.src to resolve as an external domain, which will then be used by Pagefi...

CVSS 6.4, AI score 6.5, EPSS 0.00397
Exploits: 0, References: 3, Affected Software: 3
OSV
added 2017/03/24 3:59 p.m., 2 views

UBUNTU-CVE-2016-10130

The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

CVSS 5.9, AI score 6.6, EPSS 0.0171
Exploits: 0, References: 3
securityvulns
added 2013/04/08 12:0 a.m., 36 views

OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability

OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability 3/6/2013 Larry W. Cashdollar @larry0 The infiniband diagnostic utility handles files in /tmp insecurely. A malicious user can clobber root owned files with common symlink attacks. http://www.openfabrics.org/downloads/ibutils/ nobody@exdb01...

AI score 0.3
Exploits: 0
0day.today
added 2000/12/20 12:0 a.m., 23 views

SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber Exploit

Exploit for solaris platform in category dos / poc. SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber Exploit. !/usr/local/bin/perl -w The problem is catman creates files ...

AI score 7
Exploits: 0