Lucene search
K

60 matches found

Prion
Prion
added 2022/10/31 12:15 p.m.18 views

Hardcoded credentials

A Regular Expression Denial of Service ReDoS flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js...

5CVSS7.9AI score0.01092EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/10/31 12:0 a.m.28 views

CVE-2022-37620

A Regular Expression Denial of Service ReDoS flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression...

7.7AI score0.01092EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/10/31 12:0 a.m.8 views

CVE-2022-37620

A Regular Expression Denial of Service ReDoS flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression...

7.5AI score0.01092EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/31 12:0 a.m.4 views

PT-2022-24031

Name of the Vulnerable Software and Affected Versions kangax html-minifier version 4.0.0 Description A Regular Expression Denial of Service ReDoS flaw was found in the candidate variable in htmlminifier.js. This issue can cause a denial of service. Recommendations For kangax html-minifier version...

8.7CVSS7.1AI score0.01092EPSS
Exploits0References13
CVE
CVE
added 2022/10/31 12:0 a.m.355 views

CVE-2022-37620

CVE-2022-37620: ReDoS in kangax/html-minifier 4.0.0 due to reCustomIgnore regex. CVSS v3.1 base score 7.5 (HIGH); attack vector NETWORK, complexity LOW, no privileges required, no user interaction; impact: Availability loss. Remediation: upgrade/downgrade to a non-vulnerable/html-minifier version...

7.5CVSS7.4AI score0.01092EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/08/04 5:15 p.m.33 views

CVE-2022-31132

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

9.8CVSS0.00604EPSS
Exploits0References1
Prion
Prion
added 2022/08/04 5:15 p.m.20 views

Server side request forgery (ssrf)

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

7.5CVSS9.4AI score0.00604EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/04 5:10 p.m.37 views

CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

8.3CVSS9.8AI score0.00604EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/08/04 5:10 p.m.6 views

CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

8.3CVSS9.5AI score0.00604EPSS
Exploits0References1
CVE
CVE
added 2022/08/04 5:10 p.m.92 views

CVE-2022-31132

The CVE-2022-31132 issue affects Nextcloud Mail where versions shipped with the CSS minifier at ./vendor/cerdic/css-tidy/css_optimiser.php expose an unrestricted interface, enabling unauthenticated SSRF. Affected software is Nextcloud Mail; impact is described as Server-Side Request Forgery with ...

9.8CVSS9.2AI score0.00604EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/08/04 5:10 p.m.25 views

CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

8.3CVSS9.2AI score0.00604EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/04 12:0 a.m.6 views

Nextcloud 代码问题漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud Mail that stems from unrestricted access to minifier. An attacker could exploit this vulnerability to perfor...

9.8CVSS8.4AI score0.00604EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.5 views

PT-2022-20552 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.12.7 Nextcloud Mail versions prior to 1.13.6 Description: Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path...

9.8CVSS9.4AI score0.00604EPSS
Exploits0References4
Snyk
Snyk
added 2022/08/03 8:7 a.m.2 views

Malicious Package

Overview codemirror-dart-minifier is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
Fedora
Fedora
added 2022/07/30 2:0 a.m.18 views

[SECURITY] Fedora 36 Update: golang-github-tdewolff-minify-2.11.10-4.fc36

Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file such as whitespace without changing its output and therefore shrinking its size and...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2022/07/18 12:0 a.m.16 views

Fedora: Security Advisory for golang-github-evanw-esbuild (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.9AI score0.05994EPSS
Exploits4References2
Kitploit
Kitploit
added 2020/06/26 10:0 p.m.48 views

VBSmin - VBScript Minifier

VBScript minifier Features Remove extra whitespace Trailing whitespace Leading whitespace Blank lines Inline extra spaces Remove comments Single quote start of the line Single quote inline REM One-line Line splitting underscore Colon Quick start Quick install $ gem install vbsmin See more install...

6.5AI score
Exploits0References4
Hacker One
Hacker One
added 2018/01/04 4:7 a.m.38 views

Cloudflare: // (double slash) inside es6 template literals interpreted as an inline comment by the auto-minifier

The following is valid javascript: var a = //; So is this: var url = https://hackerone.com; However, Cloudflare's auto-minifier removes the parts of both lines including and after the //, meaning in production, they look like this: var a = var url = https: This can either straight up break or...

6.8AI score
Exploits0
OSV
OSV
added 2017/01/23 9:59 p.m.4 views

CVE-2016-6517

Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E encoded dot dot in the minifierBundleDir parameter to barebone.jsp...

9.8CVSS5.9AI score0.024EPSS
Exploits1References3
CNVD
CNVD
added 2017/01/03 12:0 a.m.3 views

Cross-site scripting vulnerability in wordpress plugin theme-minifier

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The wordpress plugin theme-minifier suffers from a cross-site scripting vulnerability due to improper filtering of user input...

6.6AI score
Exploits0
Rows per page
Query Builder