Lucene search
K

4 matches found

OSV
OSV
added 2026/07/02 7:3 p.m.3 views

GHSA-QCR8-X557-7CP3 @asymmetric-effort/specifyjs: Production console warnings may leak internal framework state

Finding Location: core/src/core/scheduler.ts:23, core/src/hooks/dispatcher.ts:100, core/src/client/graphql.ts:71 Several console.warn calls are not gated behind DEV and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query...

6.9CVSS5.8AI score
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Svelte 跨站脚本漏洞

Svelte is an open-source approach to building web applications. Versions of Svelte prior to 5.55.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from DOM pollution of internal framework states, which could lead to cross-site scripting attacks...

8.1CVSS4.9AI score0.00319EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/14 8:29 p.m.12 views

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...

5.8AI score0.00319EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.9 views

CVE-2026-21627

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s comajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction...

9.5CVSS5.5AI score0.00397EPSS
Exploits1References1
Rows per page
Query Builder