33 matches found
Malicious code in tailwind-typography-stylecss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 273b99f5721643d8ba8335fd73b46b4b32f81406d73f44e7a16552e16b8becd6 Package name 'tailwind-typography-stylecss' impersonates the official '@tailwindcss/typography' plugin; the shipped README is a verbatim copy of the...
PostgreSQL 14.x < 14.23 / 15.x < 15.18 / 16.x < 16.14 / 17.x < 17.10 / 18.x < 18.4 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 14 prior to 14.23, 15 prior to 15.18, 16 prior to 16.14, 17 prior to 17.10, or 18 prior to 18.4. As such, it is potentially affected by multiple vulnerabilities: - Stack buffer overflow in PostgreSQL module refint allows an unprivileged...
CVE-2026-6477
Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...
PT-2026-40922
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description The use of the dangerous function PQfn..., result is int=...
CVE-2026-32304 Locutus: RCE via unsanitized input in create_function()
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
Locutus 安全漏洞
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.0 contained security vulnerabilities, which stemmed from insecure implementations of the calluserfuncarray function, potentially allowing remote code execution...
CVE-2018-18531
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...
CVE-2022-31504
The ChangeWeDer/BaiduWenkuSpiderflaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31566
The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31576
The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2025-68118
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function freerdpcertificatedatahash uses the Microsoft-specific snprintf function to format certificate cache filenames...
GHSA-55JH-84JV-8MX8 Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule
Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...
Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule
Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...
CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule
Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...
smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
...
EUVD-2022-53042
Malicious code in bioql PyPI...
EUVD-2022-47001
Malicious code in bioql PyPI...
EUVD-2025-29519
Malicious code in bioql PyPI...
CVE-2025-40933
Apache::AuthAny::Cookie v0.201 and earlier for Perl generates insecure session IDs. The vulnerability arises from using an MD5 hash of the epoch time combined with Perl’s built‑in rand(). If the epoch time is guessable (e.g., not leaked via HTTP Date headers) and rand() is not cryptographically s...
PT-2025-35322
Name of the Vulnerable Software and Affected Versions Next.js versions prior to 14.2.32 and prior to 15.4.7 Description Next.js is a React framework for building full-stack web applications. When the next function was used without explicitly passing the request object in self-hosted applications,...