
4 matches found

RedhatCVE
added 2026/01/09 8:54 a.m., 7 views

CVE-2021-41097

aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the aurelia-path package to parse a string. The majority of this will b...

CVSS 9.1, AI score 6.7, EPSS 0.11715
Exploits: 1, References: 1
Cvelist
added 2025/07/01 2:7 a.m., 6 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

CVSS 9.1, EPSS 0.00323
Exploits: 0, References: 2
Patchstack
added 2024/04/05 12:0 a.m., 8 views

WordPress Form to Chat App Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software: Form to Chat App; Type: Plugin; Vulnerable versions: <= 1.1.6; Fixed in: 1.1.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-31258; Patch priority: Low; CVSS severity: Low 6.5; PSID: ea17f8226a8b; Credits: Ngô Thiên An ancorn from VNPT-VCI...

CVSS 6.5, AI score 6.6, EPSS 0.00084
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2021/09/27 8:12 p.m., 31 views

Prototype pollution in aurelia-path

Impact: The vulnerability exposes Aurelia applications that use the aurelia-path package to parse a string. The majority of this will be Aurelia applications that employ the aurelia-router package. For example, this could allow an attacker to change the prototype of the base object class Object by tricki...

CVSS 9.1, AI score 3.9, EPSS 0.11715
Exploits: 1, References: 7, Affected Software: 1