EUVD-2026-18552

XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services...

CVE-2026-35466 Stored XSS via unsanitized input from remote service

XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services...

EUVD-2021-33237

Malicious code in bioql PyPI...

EUVD-2022-52711

Malicious code in bioql PyPI...

CVE-2022-24875

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...

Code injection

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...

cve-services 安全漏洞

cve-services is an open source project. It is used to operate the CVE Services API. A security vulnerability exists in cve-services that originates from the storage of randomKey in plain text in the data.js script. a remote attacker could gain unauthorized access to sensitive information on the...

CVE-2022-31004 Potential secrets being logged to disk in CVE Services

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...

CVE-2022-31004 Potential secrets being logged to disk in CVE Services

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...

CVE-2022-31004

CVE-2022-31004 affects the open source CVE services API project cve-services. A conditional in data.js can cause the generated randomKey to be written to disk when not running in development, potentially exposing plaintext secrets on disk in production. Public details do not list a released patch...

Code injection

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...

CVE-2022-24875 Potential Secrets being logged to disk in CVEProject/cve-services

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...

CVE-2022-24875

The CVE-2022-24875 issue affects the CVEProject/cve-services project prior to and including version 1.1.1, where the org.conroller.js routine could log user secrets. The root cause is logging sensitive data; this has been fixed in commit 46d98f2b, with the fix expected in subsequent releases. Rem...

cve-services 日志信息泄露漏洞

cve-services is an open source project. It is used to operate the CVE Services API. A security vulnerability exists in cve-services version 1.1.1 and earlier versions, which stems from org.conroller.js code that incorrectly logs user secrets...

CVE-2021-46561

controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new...

Design/Logic Flaw

controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new...