Lucene search
+L

701 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31068

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00502EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-54130

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00713EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-22686

Malicious code in bioql PyPI...

7.6AI score0.00148EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-23051

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00247EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.14 views

EUVD-2024-52839

Malicious code in bioql PyPI...

7.3AI score0.00203EPSS
Exploits0References5
snyk
snyk
added 2025/09/24 7:43 p.m.3 views

Prototype Pollution

Overview org.webjars.npm:dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values,...

9.8CVSS6.6AI score0.00502EPSS
Exploits0References2
snyk
snyk
added 2025/09/24 7:43 p.m.2 views

Prototype Pollution

Overview dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values, which may result ...

9.8CVSS8.3AI score0.00502EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2025/09/24 7:43 p.m.6 views

@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @airmix/mcp-excalidraw-server (=1.0.6) +331 more potentially affected by CVE-2025-57347 via dagre-d3-es (>=7.0.10 <=7.0.11)

dagre-d3-es NPM version =7.0.10, =0.18.0-beta.0, =0.17.0-alkemio-1, =1.0.0, =0.18.3, =0.18.0, =0.0.1-BETA, =0.18.1, =1.1.4, =0.17.1, =0.0.19, =0.0.21 and more Source cves: CVE-2025-57347 Source advisory: SNYK:JS-DAGRED3ES-13110069...

9.8CVSS5.7AI score0.00502EPSS
Exploits0
nvd
nvd
added 2025/09/24 7:15 p.m.7 views

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

9.8CVSS0.00502EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/09/24 12:0 a.m.2 views

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

7AI score0.00502EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/09/24 12:0 a.m.10 views

dagre-d3-es 安全漏洞

dagre-d3-es is a js library by Teebo Personal Developers. A security vulnerability exists in dagre-d3-es versions prior to 7.0.11, which stems from the addConflict function of the bk module not properly cleaning up user input, which could lead to a prototype contamination attack...

9.8CVSS6.5AI score0.00502EPSS
Exploits0References2
cve
cve
added 2025/09/24 12:0 a.m.33 views

CVE-2025-57347

CVE-2025-57347 affects the Node.js package dagre-d3-es (v7.0.9 affected; patched in newer releases). The vulnerability resides in the bk module’s addConflict() where user input is not properly sanitized during property assignment, enabling prototype pollution via inputs like proto . This can poll...

9.8CVSS7AI score0.00502EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2025/09/24 12:0 a.m.11 views

PT-2025-39322

Name of the Vulnerable Software and Affected Versions dagre-d3-es versions prior to 7.0.11 Description A flaw exists in the 'dagre-d3-es' Node.js package within the 'bk' module’s addConflict function. The issue stems from inadequate input sanitization during property assignment, allowing prototyp...

9.8CVSS7.6AI score0.00502EPSS
Exploits0References5
cvelist
cvelist
added 2025/09/24 12:0 a.m.12 views

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

0.00502EPSS
Exploits0References2
osv
osv
added 2025/09/24 12:0 a.m.5 views

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

9.8CVSS7.4AI score0.00502EPSS
Exploits0References4
nvd
nvd
added 2025/09/03 6:15 p.m.11 views

CVE-2025-56752

A vulnerability in the Ruijie RG-ES series switch firmware ESW1.01B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to...

9.4CVSS0.00497EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/03 12:0 a.m.10 views

CVE-2025-56752

A vulnerability in the Ruijie RG-ES series switch firmware ESW1.01B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to...

0.00497EPSS
Exploits0References1
cve
cve
added 2025/09/03 12:0 a.m.24 views

CVE-2025-56752

CVE-2025-56752 affects Ruijie RG-ES series switches running firmware ESW_1.0(1)B1P39. The vulnerability allows remote attackers to bypass authentication via a crafted HTTP POST to /user.cgi, granting unrestricted access to modify administrative settings and potentially take control of affected de...

9.4CVSS6.8AI score0.00497EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-1677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain...

6.5CVSS6.9AI score0.03094EPSS
Exploits0References2
nessus
nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-42326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There was discovered a use after free bug in browser.c in the esbrowsergetvariant function CVE-2024-42326 Note that Nessus relies on the presence of the package...

4.4CVSS6.1AI score0.00237EPSS
Exploits0References2
Rows per page
Query Builder