
14 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-5844

Malicious code in bioql PyPI...

5.4 CVSS · 5.6 AI score · 0.0009 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2025/08/18 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-28154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a propert...

9.8 CVSS · 7.2 AI score · 0.01303 EPSS
Exploits 0 · References 2
Patchstack
added 2025/08/15 11:24 p.m. · 4 views

WordPress Plugin README Parser plugin <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter vulnerability discovered by muhammad yudha in WordPress Plugin README Parser versions <= 1.3.15...

6.4 CVSS · 5.5 AI score · 0.00057 EPSS
Exploits 0 · References 1 · Affected Software 1
RedhatCVE
added 2025/05/22 7:46 a.m. · 6 views

CVE-2019-10410

Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules...

5.4 CVSS · 6 AI score · 0.0009 EPSS
Exploits 0 · References 1
RedHat Linux
added 2023/04/04 9:42 a.m. · 4 views

webpack: avoid cross-realm objects

A flaw was found in the webpack package, which could allow a remote attacker to bypass security restrictions caused by the mishandling of the magic comment feature by the ImportParserPlugin.js. This flaw allows an attacker to gain access to the real global object by sending a specially-crafted...

9.8 CVSS · 7.4 AI score · 0.01303 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/03/21 3:13 a.m. · 1 views

SUSE CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

8.4 CVSS · 9.4 AI score · 0.01303 EPSS
Exploits 0 · References 3
OSV
added 2023/03/13 1:15 a.m. · 1 views

DEBIAN-CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8 CVSS · 8.2 AI score · 0.01303 EPSS
Exploits 0 · References 1
OSV
added 2023/03/13 1:15 a.m. · 0 views

UBUNTU-CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8 CVSS · 7.2 AI score · 0.01303 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/03/13 12:0 a.m. · 2 views

PT-2023-21600 · Webpack +3

Name of the Vulnerable Software and Affected Versions: Webpack versions prior to 5.76.0. Description: The issue concerns cross-realm object access. Specifically, the ImportParserPlugin.js mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to...

9.8 CVSS · 6.5 AI score · 0.01982 EPSS
Exploits 0 · References 40
OSV
added 2022/05/24 4:56 p.m. · 17 views

GHSA-XQQW-CQJP-52XM Jenkins Log Parser Plugin vulnerable to Cross-site Scripting

Log Parser Plugin did not escape an error message shown when log parsing patterns are invalid. This resulted in a persisted cross-site scripting vulnerability exploitable by attackers able to control the log parsing rules configuration, typically users with Job/Configure permission. Jenkins appli...

5.4 CVSS · 5.2 AI score · 0.0009 EPSS
Exploits 0 · References 4
Github Security Blog
added 2022/05/24 4:56 p.m. · 20 views

Jenkins Log Parser Plugin vulnerable to Cross-site Scripting

Log Parser Plugin did not escape an error message shown when log parsing patterns are invalid. This resulted in a persisted cross-site scripting vulnerability exploitable by attackers able to control the log parsing rules configuration, typically users with Job/Configure permission. Jenkins appli...

5.4 CVSS · 2 AI score · 0.0009 EPSS
Exploits 0 · References 4 · Affected Software 1
Gitee
added 2021/04/26 8:40 p.m. · 3 views

glimmer

This is a Python-based framework called Glimmer, which is a PoC (proof-of-concept) framework for various attacks. The framework is designed to be extensible and allows users to write their own parsers for different protocols and targets. The framework has several dependencies, including rich,...

7.2 AI score
Exploits 0
NVD
added 2019/09/25 4:15 p.m. · 12 views

CVE-2019-10410

Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules...

5.4 CVSS · 5.3 AI score · 0.0009 EPSS
Exploits 0 · References 2
Node JS Blog
added 2014/07/31 12:0 a.m. · 33 views

V8 Memory Corruption and Stack Overflow (fixed in Node v0.8.28 and v0.10.30)

A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may...

9.8 CVSS · 7.8 AI score · 0.13882 EPSS
Exploits 0