Lucene search

14 matches found

RedhatCVE
added 2025/05/22 9:48 p.m., 3 views

CVE-2022-25979

Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor function...

CVSS 6.1, AI score 6, EPSS 0.00301
Exploits: 1, References: 1

Veracode
added 2024/11/12 6:2 a.m., 8 views

SQL Injection

@langchain/community is vulnerable to SQL injection. The vulnerability is due to improper handling of user input in the GraphCypherQAChain class, which allows attackers to inject malicious prompts that can lead to SQL injection...

CVSS 9.8, AI score 9.8, EPSS 0.00062
Exploits: 1, References: 5, Affected Software: 1

Vulnrichment
added 2024/09/11 5:0 a.m., 12 views

CVE-2024-21529

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject a malicious object property using the built-in Object property __proto__, which is recursively assigned to all the...

CVSS 8.2, AI score 7, EPSS 0.00081
Exploits: 0, References: 2

Github Security Blog
added 2024/09/10 6:30 a.m., 15 views

node-gettext vulnerable to Prototype Pollution

All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...

CVSS 5.9, AI score 6.8, EPSS 0.00059
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2024/06/04 5:25 a.m., 7 views

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper user input encoding, which can result in XSS when rendering files from .youtube or .vimeo. Exploitation requires a valid backend user account or write access on the server system (e.g., SFTP)...

AI score 5.7
Exploits: 0

NVD
added 2024/04/10 5:15 a.m., 8 views

CVE-2024-21509

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...

CVSS 6.5, AI score 6.4, EPSS 0.00765
Exploits: 1, References: 6

Github Security Blog
added 2023/03/09 6:30 a.m., 22 views

node-bluetooth is vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation

All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation...

CVSS 9.8, AI score 9, EPSS 0.00185
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2023/03/09 5:15 a.m., 6 views

CVE-2023-26109

All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation...

CVSS 9.8, AI score 7.8, EPSS 0.00415
Exploits: 1, References: 1

Cvelist
added 2023/03/09 5:0 a.m., 11 views

CVE-2023-26110

All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation...

CVSS 7.3, AI score 9.8, EPSS 0.00185
Exploits: 1, References: 1

NVD
added 2023/02/06 5:15 a.m., 13 views

CVE-2022-25855

All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...

CVSS 7.8, AI score 7.8, EPSS 0.0029
Exploits: 1, References: 1

NVD
added 2022/12/21 5:15 a.m., 9 views

CVE-2022-25929

Versions of the package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in the strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties...

CVSS 5.4, EPSS 0.00501
Exploits: 1, References: 5

0day.today
added 2018/09/11 12:0 a.m., 67 views

Bayanno Hospital Management System 4.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage:: http://creativeitem.com/ Versio...

AI score 7.4
Exploits: 0

Exploit DB
added 2018/09/11 12:0 a.m., 22 views

Bayanno Hospital Management System 4.0 - Cross-Site Scripting

Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Date: 2018-09-05 Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage:: http://creativeitem.com/ Version: v4.0 Live Demo:...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2014/04/28 12:0 a.m., 70 views

MS KB2961887: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

The remote host is missing KB2961887. It is, therefore, affected by a buffer overflow vulnerability due to improper user input validation in the Pixel Bender component. An attacker could cause a buffer overflow with a specially crafted SWF file, resulting in arbitrary code execution. C Tenable...

CVSS 10, AI score 6.1, EPSS 0.92852
Exploits: 9, References: 4