Lucene search
+L

6 matches found

github
github
added 2026/06/16 7:11 p.m.13 views

Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Summary When Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field contained .. segments was able to resolve to an arbitrary path on disk,...

5.5CVSS5.8AI score0.00135EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-52131

Malicious code in bioql PyPI...

7.2CVSS5.2AI score0.00651EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 12:30 a.m.9 views

CVE-2022-4871

A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function LoadUsers of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotel...

7.2CVSS7.6AI score0.00651EPSS
Exploits0
prion
prion
added 2023/01/03 12:15 p.m.26 views

Sql injection

A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function LoadUsers of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotel...

5.8CVSS7.4AI score0.00651EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2023/01/03 11:0 a.m.25 views

CVE-2022-4871 ummmmm nflpick-em.com LoadUsers.php _Load_Users sql injection

A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function LoadUsers of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotel...

5.8CVSS7.6AI score0.00651EPSS
Exploits0References3
osv
osv
added 2023/01/03 11:0 a.m.32 views

CVE-2022-4871 ummmmm nflpick-em.com LoadUsers.php _Load_Users sql injection

A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function LoadUsers of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotel...

4.7CVSS5.4AI score0.00651EPSS
Exploits0References5
Rows per page
Query Builder