
10 matches found

Github Security Blog
added 2026/03/11 12:25 a.m., 4 views

@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters

Summary: Multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. Details: The claudecodeui application provides Git integration through various API...

9.1 CVSS, 6.1 AI score, 0.00082 EPSS
Exploits 0, References 4, Affected Software 1
RedHat Linux
added 2026/02/10 12:58 p.m., 1 views

nodejs: Nodejs denial of service

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...

7.5 CVSS, 5.8 AI score, 0.00109 EPSS
Exploits 0, References 5
EUVD
added 2025/12/12 11:3 p.m., 3 views

EUVD-2025-22555

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify...

9.3 CVSS, 6.1 AI score, 0.00046 EPSS
Exploits 0, References 4
EUVD
added 2025/12/04 4:54 p.m., 1 views

EUVD-2025-201250

auth0/node-jws Improperly Verifies HMAC Signature...

7.5 CVSS, 6.4 AI score, 0.00012 EPSS
Exploits 1, References 7
OSV
added 2023/11/27 11:30 p.m., 27 views

GHSA-4233-7Q5Q-M7P6 google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability

Summary: A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local...

3.7 CVSS, 4 AI score, 0.00063 EPSS
Exploits 1, References 4
Github Security Blog
added 2023/11/27 11:30 p.m., 21 views

google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability

Summary: A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local...

3.7 CVSS, 7 AI score, 0.00063 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2022/03/11 7:15 a.m., 3 views

CVE-2021-46708

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...

6.1 CVSS, 6.7 AI score, 0.00286 EPSS
Exploits 0, References 3
OSV
added 2022/01/20 8:15 p.m., 1 views

CVE-2021-46061

An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system RSMS 1.0 via the code parameter in /rsms/ node app...

9.8 CVSS, 7.4 AI score, 0.00272 EPSS
Exploits 1, References 1
CNNVD
added 2022/01/20 12:0 a.m., 2 views

Sourcecodester Computer and Mobile Repair Shop Management system SQL injection vulnerability

Sourcecodester Computer and Mobile Repair Shop Management system is a simple PHP project that provides an informational website for the store. The project also manages customers' repair records and allows them to check the status online if their device has been repaired or serviced. An SQL...

10 CVSS, 8.7 AI score, 0.00272 EPSS
Exploits 1, References 2
Kitploit
added 2016/02/23 10:0 p.m., 24 views

Audit CouchDB - The Simple, Clear, CouchDB Security Assessment

Audit CouchDB is a simple tool with a powerful message. Given an Apache CouchDB URL, it will tell you everything you ever wanted to know about its security. Objective: Audit CouchDB will perform the following actions: 1. Learn every possible fact about the couch, for example: What is the server...

7 AI score
Exploits 0, References 3