2874 matches found
CVE-2023-5895
Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5891
Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5893
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-26557
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
CVE-2023-50251
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...
CVE-2023-5901
Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
MAL-2025-4306 Malicious code in btcjs-lib (npm)
Source: ghsa-malware d6dc89984b6c5d31e37a51eac0c9ebf6c3e93d8772938d44ac1051bffbda8962 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-52727
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits...
CVE-2023-5904
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2022-47924
A high-privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions 0.1.0, which can result in arbitrary code execution and DoS once the user triggers the validation...
CVE-2022-47931
IO FinNet tss-lib before 2.0.0 allows a collision of hash values...
CVE-2022-38861
The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function freempimage of libmpcodecs/mpimage.c...
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
CVE-2020-28938
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users...
CVE-2018-25077
A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is...
Malicious code in genesys-lib (npm)
MAL-2025-4165 Malicious code in bitcoinjs-lib-v5 (npm)
CVE-2017-11101
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swfRelocate function in lib/modules/swftools.c...
CVE-2017-14600
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure...
CVE-2015-10014
A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to SQL injection. The identifier of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. T...