
11 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-46576

Malicious code in bioql PyPI...

9.8 CVSS, 6.6 AI score, 0.00076 EPSS
Exploits 1, References 4

RedhatCVE
added 2025/05/23 9:6 a.m., 2 views

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

9.8 CVSS, 7.4 AI score, 0.00076 EPSS
Exploits 1, References 1

OSV
added 2024/05/26 12:15 a.m., 7 views

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

9.8 CVSS, 6.8 AI score
Exploits 0, References 4

Vulnrichment
added 2024/05/26 12:0 a.m., 16 views

CVE-2024-5351 anji-plus AJ-Report Javascript getValueFromJs deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.5 CVSS, 6.9 AI score, 0.00076 EPSS
Exploits 1, References 4

CVE
added 2024/05/26 12:0 a.m., 23 views

CVE-2024-5351

CVE-2024-5351 affects anji-plus AJ-Report up to 1.4.1. The vulnerability is in the Javascript Handler’s getValueFromJs function, where a deserialization issue can be triggered. This allows a remote attacker to exploit the flaw, with public disclosure of the exploit, per the CVE description and re...

9.8 CVSS, 6.5 AI score, 0.00076 EPSS
Exploits 1, References 4, Affected Software 1

Cvelist
added 2024/05/26 12:0 a.m., 22 views

CVE-2024-5351 anji-plus AJ-Report Javascript getValueFromJs deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.5 CVSS, 6.4 AI score, 0.00076 EPSS
Exploits 1, References 4

CNNVD
added 2024/05/26 12:0 a.m., 2 views

AJ-Report security vulnerability

AJ-Report is a fully open source, drag-and-drop editing visual design tool from anji-plus open source. A security vulnerability exists in anji-plus AJ-Report 1.4.1 and earlier versions, which stems from a deserialization vulnerability in the function getValueFromJs of the component Javascript...

9.8 CVSS, 6.5 AI score, 0.00076 EPSS
Exploits 1, References 5

Positive Technologies
added 2023/02/24 12:0 a.m., 3 views

PT-2023-16680 · Typora · Typora

Name of the Vulnerable Software and Affected Versions: Typora versions 1.5.5 and earlier
Description: A critical issue was found in the WSH JScript Handler component, leading to code injection. The manipulation requires a local attack approach. The issue has been publicly disclosed and may be...

7.8 CVSS, 7.6 AI score, 0.00166 EPSS
Exploits 1, References 6

Hacker One
added 2022/08/14 5:32 a.m., 6 views

Brave Software: Security token and handler name leak from window.braveBlockRequests

Vulnerability description not provided...

7.1 AI score
Exploits 0

Zero Day Initiative
added 2015/03/13 12:0 a.m., 26 views

(0Day) Oracle Data Quality DscXB onloadstatechange Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS, 6.3 AI score, 0.00641 EPSS
Exploits 0, References 2

Positive Technologies
added 2007/07/05 12:0 a.m., 2 views

PT-2007-4832 · Microsoft · Internet Explorer 6

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 6
Description: The issue allows remote attackers to bypass certain XSS protection schemes by executing web script from URIs of arbitrary scheme names ending with the "script" character sequence. This is done using...

4.3 CVSS, 6.7 AI score, 0.27555 EPSS
Exploits 1, References 8