
46 matches found

CVE
added 2026/01/07 10:3 p.m. | 7 views

CVE-2025-12776

The CVE-2025-12776 case concerns the WebConsole Report Builder, where user input is stored directly in a web page and displayed to others, enabling a stored XSS risk. The issue is triggered when a user with edit permissions modifies a report; running the report does not execute the scripts, but e...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00018
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-49465

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.00054
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-0464

Malicious code in bioql PyPI...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00123
Exploits: 0 | References: 4
Snyk
added 2025/07/18 3:31 p.m. | 1 view

Relative Path Traversal

Overview simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Relative Path Traversal via the filemanager.php endpoint. An attacker can access files outside the intended directory by sending a crafted HTTP request...

CVSS: 6.9 | AI score: 6.8 | EPSS: 0.02526
Exploits: 1 | References: 2
NVD
added 2024/02/09 11:15 p.m. | 15 views

CVE-2024-24828

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.00123
Exploits: 0 | References: 2
Cvelist
added 2024/02/09 10:21 p.m. | 13 views

CVE-2024-24828 Local Privilege Escalation in executables bundled by pkg

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

CVSS: 6.6 | AI score: 7.7 | EPSS: 0.00123
Exploits: 0 | References: 2
Github Security Blog
added 2024/02/09 3:20 p.m. | 34 views

Pkg Local Privilege Escalation

Impact Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00123
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2024/02/09 3:20 p.m. | 1 view

GHSA-22R3-9W55-CJ54 Pkg Local Privilege Escalation

Impact Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has...

CVSS: 6.6 | AI score: 7 | EPSS: 0.00123
Exploits: 0 | References: 4
Positive Technologies
added 2024/02/09 12:0 a.m. | 1 view

PT-2024-20594 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: pkg affected versions not specified Description: The issue arises from the pkg tool writing native code packages to a hardcoded directory, specifically /tmp/pkg/ on Unix systems, which is a shared directory for all users on the same local...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00123
Exploits: 0 | References: 9
OSV
added 2023/05/18 7:52 a.m. | 4 views

SUSE-SU-2023:2241-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues: - CVE-2023-21971: Fixed a crash in MySQL Connectors that could be triggered by an authenticated remote user bsc1211247. - Ship protobuf 3.9.2 compatible generated files to support older distro versions. - Update to 8.0.32: -...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00173
Exploits: 1 | References: 3
OSV
added 2023/03/16 3:30 p.m. | 0 views

GHSA-P8P7-X288-28G6 Server-Side Request Forgery in Request

The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: The request package is no longer supported by the maintain...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.00557
Exploits: 1 | References: 12
OSV
added 2022/09/16 5:12 p.m. | 9 views

GHSA-PP8R-VV2J-9J5V traitobject is Unmaintained

Crate traitobject has not had a release for over five years. In addition there is an existing security advisory that has not been addressed: - RUSTSEC-2020-0027 Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - destructuretraitobject...

AI score: 7.2
Exploits: 0 | References: 3
OSV
added 2022/07/26 12:1 a.m. | 0 views

GHSA-6367-P3V8-7MGW google-cloudstorage-commands Command Injection vulnerability

A command injection vulnerability affects all versions of the deprecated package google-cloudstorage-commands...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00489
Exploits: 1 | References: 4
Github Security Blog
added 2022/07/26 12:1 a.m. | 22 views

google-cloudstorage-commands Command Injection vulnerability

A command injection vulnerability affects all versions of the deprecated package google-cloudstorage-commands...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.00489
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2022/07/16 12:0 a.m. | 571 views

Angular (deprecated package) Cross-site Scripting

All versions of package angular are vulnerable to Cross-site Scripting XSS due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements. NPM package angular is deprecated. Those who want to receive security updates should use the actively maintained packag...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.04265
Exploits: 1 | References: 14 | Affected Software: 1
NVD
added 2022/06/15 7:15 p.m. | 14 views

CVE-2022-31070

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...

CVSS: 7.5 | EPSS: 0.00218
Exploits: 0 | References: 2
Prion
added 2022/06/15 7:15 p.m. | 21 views

Default configuration

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...

CVSS: 5 | AI score: 7.4 | EPSS: 0.00218
Exploits: 0 | References: 2 | Affected Software: 1
UbuntuCve
added 2022/05/01 4:15 p.m. | 49 views

CVE-2022-25844

The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01924
Exploits: 2 | References: 7
OSV
added 2022/05/01 4:15 p.m. | 2 views

UBUNTU-CVE-2022-25844

The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01924
Exploits: 2 | References: 8
Snyk
added 2022/04/21 8:37 a.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01924
Exploits: 2 | References: 2