911 matches found
MAL-2022-3617 Malicious code in hexie-encode (npm)
Source: ghsa-malware 9d480e2cc2e535605e7caaa7981e20f5ee3d64e5a0629c5196070869acc7e5a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2022-36144
SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64encode...
mPDF 7.0 - Local File Inclusion Exploit
Exploit Title: mPDF 7.0 - Local File Inclusion Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse import quote from cmd import Cmd from...
Cross-site Scripting (XSS)
subhh/libconnect is vulnerable to cross-site scripting (XSS) attacks. The library does not properly encode user input in the displayParticipantsFormAction function, allowing an attacker to inject and execute malicious JavaScript on the target system...
brotkrueml/schema fails to properly encode user input for output in HTML context, leading to XSS
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
GHSA-2QM5-R82G-5HCX ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
new packages: perl-Encode-Locale
An update is available for perl-Encode-Locale. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: perl-Encode-Detect
An update is available for perl-Encode-Detect. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: perl-Encode
An update is available for perl-Encode. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
CVE-2022-28471
In ffjpeg commit hash: caade60, the function bmpload in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfifencode in jfif.c. This is due to the incomplete patch for issue 38...
U.S. Dept Of Defense: RXSS on █████████
I found RXSS on https://███████/██████ Impact Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious...
CVE-2021-41945
Encode OSS httpx 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with...
Input validation
Encode OSS httpx 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with...
PYSEC-2022-183
Encode OSS httpx =1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with...
CVE-2021-41945
Encode OSS httpx 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with...
CVE-2021-41945
CVE-2021-41945: Encode OSS httpx =0.22.0-2 for certain distributions; upstream fixes are in 0.23.0+), or apply vendor patches when available. Exploitation details are not provided in the documents; no in-the-wild exploit links are confirmed here. For organizations using affected versions, priorit...
CVE-2021-41945
Encode OSS httpx 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with...
PT-2022-5665 · Encode Oss +2 · Httpx +2
Name of the Vulnerable Software and Affected Versions: Encode OSS httpx versions 0.23.0 Encode OSS httpx version =1.0.0.beta0 Description: The issue is related to insufficient input validation in the httpx.URL and httpx.Client components, as well as in some functions that utilize httpx.URL.copy...
Encode OSS httpx input validation error vulnerability
Encode OSS httpx is a full-featured HTTP client from Encode OSS UK. It provides both synchronous and asynchronous APIs and supports HTTP/1.1 and HTTP/2. An input validation error vulnerability exists in Encode OSS httpx version 1.0.0 and prior versions, which stems from improper input validation ...