6 matches found
HSEC-2024-0004 Hackage package and doc upload stored XSS vulnerability
Author: Fraser Tweedale, Haskell SRT. Executive summary: A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served...
Command Injection
mcp-package-docs is vulnerable to command injection. The vulnerability is due to unsanitized input passed to `child_process.exec`, which allows an attacker to inject arbitrary system commands and achieve remote code execution under the server process's privileges...
mcp-package-docs command injection vulnerability
mcp-package-docs is an MCP server for Sam Individual Developers that provides LLMs with efficient access to package documentation across multiple programming languages. A command injection vulnerability exists in mcp-package-docs that stems from input parameters not being sanitized, which could lead t...
Fedora 37 : woff (2022-c30d362ce5)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-c30d362ce5 advisory. Fix a possible double free in woffEncode. - Update License to SPDX - improved summary and description - Add hand-written man pages - Install HTML format...
Malicious code in redux-data-model-documentation (npm)
Source: ghsa-malware 53b5812f64dc0e890eccf730c2030854531411dc41a95fa540bd122043cbcc01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora Core 6 : libgtop2-2.14.9-1.fc6 (2007-657)
Thu Aug 2 2007 Soren Sandmann - 2.14.9-1: BuildRequire gtk-doc, package documentation files in devel package. Thu Aug 2 2007 Soren Sandmann - 2.14.9-1: Update to libgtop-2.14.9 for b.r.c 222637 CVE-2007-0235. Note that Tenable Network Security has extracted the preceding description block...