25 matches found
EUVD-2024-24419
Malicious code in bioql PyPI...
CVE-2025-57516
OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables to the backupDB.bat file...
PT-2025-6072 · Unknown · Phpgurukul Small Crm
Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 3.0 Description: The issue is related to Cross-Site Scripting (XSS) via a crafted payload injected into the name in profile.php. This allows for potential malicious script execution. Recommendations: For...
CVE-2024-27177 Remote Code Execution
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enabled by falsifying the package name variable. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower th...
PT-2024-22797
Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: gotortc is a camera streaming application. The index page index.html shows available streams by fetching the API on the client side, using Object.entries to iterate over the result, and appending...
loader-utils: prototype pollution in function parseQuery in parseQuery.js
A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution...
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...
Prototype Pollution
node-loader-utils is vulnerable to Prototype Pollution. The vulnerability exists in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js which allows an attacker to cause a prototype pollution...
CVE-2022-37598
A prototype pollution vulnerability was found in UglifyJS, stemming from the DEFNODE function in ast.js via the name variable. Exploiting this flaw involves adding or altering properties of the Object.prototype through a `__proto__` or constructor payload, enabling an attacker to execute arbitrary co...
DEBIAN-CVE-2022-37598
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...
CVE-2022-37598
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...
Prototype Pollution
js-beautify is vulnerable to prototype pollution. An attacker is able to pollute any future object creations by passing a crafted malicious payload to the mergeOpts function in options.js via the name variable...
GHSA-76P3-8JX3-JPFQ Prototype pollution in webpack loader-utils
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js...
CVE-2022-37601
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...
CVE-2022-37609
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js...
UBUNTU-CVE-2022-37609
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js...
CVE-2017-12865
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable...