20 matches found

Snyk
added 2026/01/16 9:4 p.m., 1 views

SQL Injection

Overview @veramo/core-types is a Veramo Core Logic & Interfaces. Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute arbitrary SQL queries and access...

8.2 CVSS, 6.3 AI score
Exploits 0, References 2
OSV
added 2025/11/12 4:47 p.m., 1 views

MAL-2025-151978 Malicious code in aibpuna-mobiuple-amakora (npm)

Source: amazon-inspector 040a434589bc8630951afa4db1b32dd40feaa5c3389ba221b3bb81ab5efa2d78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits 0
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-6409

Malicious code in bioql PyPI...

7.3 CVSS, 6.7 AI score, 0.00234 EPSS
Exploits 1, References 4
GitHub Security Blog
added 2023/11/27 11:28 p.m., 24 views

OroPlatform vulnerable to path traversal during temporary file manipulations

Impact Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. The file will be deleted...

9.8 CVSS, 7.1 AI score, 0.00414 EPSS
Exploits 0, References 3, Affected Software 1
NVD
added 2022/07/25 2:15 p.m., 10 views

CVE-2020-28459

This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link...

7.3 CVSS, 0.00234 EPSS
Exploits 1, References 1
CVE
added 2022/07/25 2:5 p.m., 45 views

CVE-2020-28459

CVE-2020-28459 affects all versions of the package markdown-it-decorate. The vulnerability allows an attacker to inject event handlers or use javascript: URLs in links, enabling potential cross-site scripting (XSS). Public documents consistently describe the issue as XSS in markdown-it-decorate w...

7.3 CVSS, 6.4 AI score, 0.00234 EPSS
Exploits 1, References 1, Affected Software 1
CNNVD
added 2022/07/25 12:0 a.m., 1 views

markdown-it-decorate cross-site scripting vulnerability

markdown-it-decorate is used to add attributes, IDs, and classes to Markdown by Rico Sta. Cruz, a personal developer in Australia. A security vulnerability exists in markdown-it-decorate, which can be exploited by an attacker to add the event handler javascript:xxx for links...

7.3 CVSS, 6.8 AI score, 0.00234 EPSS
Exploits 1, References 2
Veracode
added 2022/07/21 4:9 a.m., 18 views

Cross-site Scripting (XSS)

markdown-it-decorate is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious scripts via user-provided parameters...

7.3 CVSS, 6.1 AI score, 0.00234 EPSS
Exploits 1, References 2, Affected Software 1
vulnersOsv
added 2022/07/19 2:16 p.m., 0 views

@jamen/mdc (>=0.0.0 <=0.0.1), @namgoe/gcmsgen (>=0.0.3 <=0.0.11) +25 more potentially affected by CVE-2020-28459 via markdown-it-decorate (>=1.0.0 <=1.2.2)

markdown-it-decorate NPM version =1.0.0, =0.0.0, =0.0.3, =0.0.1, =0.0.0, =2.3.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.2.0, =1.0.1, =1.0.1, =1.0.17 and more Source cves: CVE-2020-28459 Source advisory: OSV:GHSA-RHF5-2378-3W3W...

7.3 CVSS, 6.7 AI score, 0.00234 EPSS
Exploits 1
OSV
added 2022/07/19 2:16 p.m., 0 views

GHSA-RHF5-2378-3W3W markdown-it-decorate vulnerable to cross-site scripting (XSS)

markdown-it-decorate adds attributes, IDs and classes to Markdown, and the most recent version 1.2.2 was published in 2017. All versions are currently vulnerable to cross-site scripting XSS and there is no fixed version at this time...

6.1 CVSS, 5.7 AI score, 0.00234 EPSS
Exploits 1, References 4
Positive Technologies
added 2022/07/19 12:0 a.m., 2 views

PT-2022-8902 · Npm · Markdown-It-Decorate

Name of the Vulnerable Software and Affected Versions: markdown-it-decorate versions prior to a fixed version (no fixed version available). Description: The issue affects the markdown-it-decorate package, allowing an attacker to add an event handler or use javascript:xxx for the link, potentially...

7.3 CVSS, 6.2 AI score, 0.00234 EPSS
Exploits 1, References 6
Snyk
added 2020/11/24 1:5 p.m., 3 views

Cross-site Scripting (XSS)

Overview markdown-it-decorate is an Add classes, identifiers and attributes to your markdown with HTML comments Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker can add an event handler or use javascript:xxx for the link. PoC const md = require'markdown-it...

7.3 CVSS, 5.4 AI score, 0.00234 EPSS
Exploits 1, References 2
vulnersOsv
added 2020/11/24 1:5 p.m., 0 views

@jamen/mdc (>=0.0.0 <=0.0.1), @namgoe/gcmsgen (>=0.0.3 <=0.0.11) +25 more potentially affected by CVE-2020-28459 via markdown-it-decorate (>=1.0.0 <=1.2.2)

markdown-it-decorate NPM version =1.0.0, =0.0.0, =0.0.3, =0.0.1, =0.0.0, =2.3.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.2.0, =1.0.1, =1.0.1, =1.0.17 and more Source cves: CVE-2020-28459 Source advisory: SNYK:JS-MARKDOWNITDECORATE-1044068...

7.3 CVSS, 6.7 AI score, 0.00234 EPSS
Exploits 1
CNVD
added 2019/07/24 12:0 a.m., 1 views

Cat Runner Decorate Home for Android Input Validation Error Vulnerability

Cat Runner Decorate Home for Android is a parkour game based on the Android platform. An input validation error vulnerability exists in the application API of Cat Runner Decorate Home version 2.8.0 for Android, which can be exploited by an attacker to modify the application data and obtain more...

7.5 CVSS, 6.8 AI score, 0.00237 EPSS
Exploits 1, References 1
OSV
added 2019/07/22 5:15 p.m., 0 views

CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...

7.5 CVSS, 7.1 AI score, 0.00237 EPSS
Exploits 1, References 2
NVD
added 2019/07/22 5:15 p.m., 12 views

CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...

7.5 CVSS, 7.5 AI score, 0.00237 EPSS
Exploits 1, References 2
Prion
added 2019/07/22 5:15 p.m., 10 views

Code injection

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...

5 CVSS, 7.5 AI score, 0.00237 EPSS
Exploits 1, References 2
CVE
added 2019/07/22 4:1 p.m., 120 views

CVE-2019-13097

The vulnerability CVE-2019-13097 affects Cat Runner Decorate Home for Android (version 2.8.0). The app’s API does not sufficiently verify inputs that are treated as immutable but can be controlled externally, allowing manipulation of users’ score parameters exchanged between client and server. No...

7.5 CVSS, 7.4 AI score, 0.00237 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2019/07/22 4:1 p.m., 13 views

CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...

7.5 AI score, 0.00237 EPSS
Exploits 1, References 2
hackapp
added 2016/04/01 9:54 a.m., 10 views

Design Decorate New House - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Design Decorate New House published at the 'play' market has multiple vulnerabilities...

0.2 AI score
Exploits 0, References 1, Affected Software 1