GHSA-W9J2-PVGH-6H63 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

EUVD-2006-1682

Malware in sbrugna...

CVE-2021-34821

Cross Site Scripting XSS vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL...

openSUSE Security Update : libzypp / zypper (openSUSE-2018-1017)

This update for libzypp, zypper, libsolv provides the following fixes : Security fixes in libzypp : - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp : - Update to...

IIS allows universal CrossSiteScripting

Thor Larholm security advisory TL001 ------------------------------------- By Thor Larholm, Denmark. 10 April 2002 HTML format: http://jscript.dk/adv/TL001/ Topic: IIS allows universal CrossSiteScripting. Discovery date: 13 March 2002. Severity: Medium Affected applications: ---------------------...