7 matches found
GHSA-QCR8-X557-7CP3 @asymmetric-effort/specifyjs: Production console warnings may leak internal framework state
Finding Location: core/src/core/scheduler.ts:23, core/src/hooks/dispatcher.ts:100, core/src/client/graphql.ts:71 Several console.warn calls are not gated behind DEV and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query...
Autodesk Fusion 跨站脚本漏洞
Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads in component names. This vulnerability may lead to stored-xss attacks, allowing attackers to...
EUVD-2025-201864
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of...
CVE-2025-61776
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
Dependency-Track 安全漏洞
Dependency-Track is Dependency-Track's open source suite of intelligent supply chain component analysis platforms for identifying third-party component risks. A security vulnerability exists in Dependency-Track versions prior to 4.13.5, which stems from the possibility of sending private NuGet...
Open-AudIT Professional Cross-Site Scripting Vulnerability
Open-AudIT Professional is a network discovery and auditing program. The program intelligently scans networks and network devices and provides status reports. A cross-site scripting vulnerability exists in Open-AudIT Professional version 2.1.1. A remote attacker can exploit this vulnerability to...