701 matches found
EUVD-2025-31068
Malicious code in bioql PyPI...
EUVD-2023-54130
Malicious code in bioql PyPI...
EUVD-2025-22686
Malicious code in bioql PyPI...
EUVD-2024-23051
Malicious code in bioql PyPI...
EUVD-2024-52839
Malicious code in bioql PyPI...
Prototype Pollution
Overview org.webjars.npm:dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values,...
Prototype Pollution
Overview dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values, which may result ...
@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @airmix/mcp-excalidraw-server (=1.0.6) +331 more potentially affected by CVE-2025-57347 via dagre-d3-es (>=7.0.10 <=7.0.11)
dagre-d3-es NPM version =7.0.10, =0.18.0-beta.0, =0.17.0-alkemio-1, =1.0.0, =0.18.3, =0.18.0, =0.0.1-BETA, =0.18.1, =1.1.4, =0.17.1, =0.0.19, =0.0.21 and more Source cves: CVE-2025-57347 Source advisory: SNYK:JS-DAGRED3ES-13110069...
CVE-2025-57347
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...
CVE-2025-57347
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...
dagre-d3-es 安全漏洞
dagre-d3-es is a js library by Teebo Personal Developers. A security vulnerability exists in dagre-d3-es versions prior to 7.0.11, which stems from the addConflict function of the bk module not properly cleaning up user input, which could lead to a prototype contamination attack...
CVE-2025-57347
CVE-2025-57347 affects the Node.js package dagre-d3-es (v7.0.9 affected; patched in newer releases). The vulnerability resides in the bk module’s addConflict() where user input is not properly sanitized during property assignment, enabling prototype pollution via inputs like proto . This can poll...
PT-2025-39322
Name of the Vulnerable Software and Affected Versions dagre-d3-es versions prior to 7.0.11 Description A flaw exists in the 'dagre-d3-es' Node.js package within the 'bk' module’s addConflict function. The issue stems from inadequate input sanitization during property assignment, allowing prototyp...
CVE-2025-57347
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...
CVE-2025-57347
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...
CVE-2025-56752
A vulnerability in the Ruijie RG-ES series switch firmware ESW1.01B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to...
CVE-2025-56752
A vulnerability in the Ruijie RG-ES series switch firmware ESW1.01B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affected devices via crafted HTTP POST request to...
CVE-2025-56752
CVE-2025-56752 affects Ruijie RG-ES series switches running firmware ESW_1.0(1)B1P39. The vulnerability allows remote attackers to bypass authentication via a crafted HTTP POST to /user.cgi, granting unrestricted access to modify administrative settings and potentially take control of affected de...
Linux Distros Unpatched Vulnerability : CVE-2016-1677
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain...
Linux Distros Unpatched Vulnerability : CVE-2024-42326
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There was discovered a use after free bug in browser.c in the esbrowsergetvariant function CVE-2024-42326 Note that Nessus relies on the presence of the package...