
35 matches found

RedhatCVE
added 2026/06/05 7:32 p.m. | 4 views

CVE-2026-6218

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this...

5.3 CVSS | 4 AI score | 0.00278 EPSS
Exploits 0 | References 1
EUVD
added 2026/04/13 9:30 p.m. | 3 views

EUVD-2026-22089

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this...

5.3 CVSS | 4.4 AI score | 0.00278 EPSS
Exploits 0 | References 5
NVD
added 2026/04/13 9:16 p.m. | 5 views

CVE-2026-6218

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this...

5.3 CVSS | 0.00278 EPSS
Exploits 0 | References 4
Vulnrichment
added 2026/04/13 8:30 p.m. | 3 views

CVE-2026-6218 aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this...

5.3 CVSS | 4.4 AI score | 0.00278 EPSS
Exploits 0 | References 4
Cvelist
added 2026/04/13 8:30 p.m. | 16 views

CVE-2026-6218 aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this...

5.3 CVSS | 0.00278 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/04/13 8:30 p.m. | 3 views

CVE-2026-6218

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this...

5.3 CVSS | 4.4 AI score | 0.00278 EPSS
Exploits 0 | References 4 | Affected Software 1
CVE
added 2026/04/13 8:30 p.m. | 10 views

CVE-2026-6218

CVE-2026-6218 affects the aandrew-me ytDownloader project up to version 3.20.2, specifically the createTextNode function in the Error Details Panel. The issue enables cross-site scripting and can be exploited remotely. All connected documents confirm the same vector and impact; no additional expl...

5.3 CVSS | 4.4 AI score | 0.00278 EPSS
Exploits 0 | References 4
CNNVD
added 2026/04/13 12:0 a.m. | 6 views

ytDownloader code injection vulnerability

ytDownloader is a multi-platform audio and video download tool developed by Andrew. Versions of ytDownloader 3.20.2 and earlier had a code injection vulnerability, which stemmed from a cross-site scripting attack involving the function createTextNode in the Error Details Panel component...

5.3 CVSS | 5.7 AI score | 0.00278 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/03/26 3:12 p.m. | 3 views

CVE-2026-21783

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3 CVSS | 5.8 AI score | 0.00278 EPSS
Exploits 0 | References 1
OSV
added 2026/03/11 3:48 p.m. | 3 views

BIT-PARSE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response. This...

6.9 CVSS | 5.8 AI score | 0.00336 EPSS
Exploits 0 | References 4
OSV
added 2026/03/06 11:25 p.m. | 2 views

GHSA-9CP7-3Q5W-J92G parse-server: Malformed `$regex` query leaks database error details in API response

Impact A malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response. This leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details. The vulnerabilit...

6.9 CVSS | 6.2 AI score | 0.00336 EPSS
Exploits 0 | References 5
Vulnrichment
added 2026/03/06 8:28 p.m. | 2 views

CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...

6.9 CVSS | 5.8 AI score | 0.00336 EPSS
Exploits 0 | References 3
OSV
added 2026/03/06 8:28 p.m. | 4 views

CVE-2026-30835 Parse Server: Malformed `$regex` query leaks database error details in API response

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...

6.9 CVSS | 5.8 AI score | 0.00336 EPSS
Exploits 0 | References 5
NVD
added 2026/02/24 12:16 a.m. | 4 views

CVE-2025-69250

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages e.g., strconv.ParseInt parsing errors to remote clients when processi...

8.7 CVSS | 0.00398 EPSS
Exploits 1 | References 4
AstraLinux
added 2026/01/27 5:1 a.m. | 3 views

Astra Linux - vulnerability in zabbix

The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for various reasons without an error description and then the wd-error will be NULL and trying to read from it will result in a crash...

3.3 CVSS | 5.8 AI score | 0.00246 EPSS
Exploits 0 | References 3
OSV
added 2026/01/23 9:15 p.m. | 5 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.3 CVSS | 6 AI score | 0.00492 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2013-3363

Malware in sbrugna...

4 CVSS | 6.4 AI score | 0.00947 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 36 views

EUVD-2025-27990

Malicious code in bioql PyPI...

6.3 CVSS | 5 AI score | 0.00338 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2021-33034

Malicious code in bioql PyPI...

5.5 CVSS | 5.5 AI score | 0.00644 EPSS
Exploits 1 | References 1
Snyk
added 2025/09/09 3:30 a.m. | 3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the authentication process. An attacker can obtain sensitive internal error information by submitting a login attempt with a deleted client secret. Remediation A fix was pushed into the master branch but not yet...

5.3 CVSS | 6.7 AI score | 0.00216 EPSS
Exploits 0 | References 2