Lucene search
K

26 matches found

CNNVD
CNNVD
added 2021/11/25 12:0 a.m.3 views

Ruby 输入验证错误漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the personal developer Yukihiro Matsumoto. buffer overflow vulnerability exists in versions prior to Ruby 3.0.3, which stems from a buffer overflow string 700 MB to CGI.escapehtml when passing very large data. ...

9.8CVSS7.5AI score0.04766EPSS
Exploits1References16
Snyk
Snyk
added 2021/09/22 4:18 p.m.6 views

Cross-site Scripting (XSS)

Overview bootstrap-table is an extended table to integration with some of the most widely used CSS frameworks. Supports Bootstrap, Semantic UI, Bulma, Material Design, Foundation, Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A type confusion vulnerability...

6.1CVSS5.3AI score0.02332EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.5 views

haml 跨站脚本漏洞

haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...

7.7CVSS5.2AI score0.007EPSS
Exploits1References4
OSV
OSV
added 2021/04/09 10:15 p.m.8 views

CVE-2021-21198

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

7.4CVSS8.4AI score
Exploits0References7
UbuntuCve
UbuntuCve
added 2021/01/08 7:15 p.m.24 views

CVE-2020-16024

Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS7.4AI score0.01909EPSS
Exploits0References1
myhack58
myhack58
added 2017/02/17 12:0 a.m.32 views

For the Node. js in the node-serialize module deserialization vulnerability the subsequent analysis-vulnerability warning-the black bar safety net

Of the Node. js serialization remote command execution vulnerabilities of a number of follow-up found and how to develop the attack load. A few days ago I was in opsecx blog found an article How to use a named node-serialize nodejs module in the RCE remote code execution error blog. The article...

0.2AI score
Exploits0
Rows per page
Query Builder