14 matches found
@ainsleydev/payload-helper (>=0.0.6 <=0.1.2), @davincicoding/payload-plugin-kit (=0.0.4) +9 more potentially affected by CVE-2026-25544 via @payloadcms/db-sqlite (>=3.0.0-beta.116 <=3.72.0)
@payloadcms/db-sqlite NPM version =3.0.0-beta.116, =0.0.6, =1.1.10, =1.2.0 - payload-smart-deletion =1.0.7 - simple-shop =1.0.0 Source cves: CVE-2026-25544 Source advisory: SNYK:JS-PAYLOADCMSDBSQLITE-15240188...
EUVD-2025-29527
Malicious code in bioql PyPI...
@-xun/symbiote (>=3.7.0 <=4.11.4), @0x57/pierre (>=0.0.3 <=0.0.16) +879 more potentially affected by unknown CVE via @eslint/plugin-kit (>=0.1.0 <=0.2.8)
@eslint/plugin-kit NPM version =0.1.0, =3.7.0, =0.0.3, =1.1.44, =1.1.14, =0.0.1-alpha.3, =0.0.1, =10.0.0, =10.0.0, =8.3.0, =13.0.0, =2.6.0, =2.2.9, =0.0.2, =35.0.1, =38.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XFFM-G5W8-QVG7...
Regular Expression Denial Of Service (ReDoS)
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to improper input sanitization, allowing an attacker to increase CPU usage and crash the program...
CVE-2024-21539
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...
CVE-2024-21539
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...
CVE-2024-21539
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...
@2digits/eslint-config (>=2.6.0 <=2.7.0), @2digits/eslint-plugin (>=2.2.9 <=2.3.0) +37 more potentially affected by CVE-2024-21539 via @eslint/plugin-kit (=0.1.0)
@eslint/plugin-kit NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @eslint/plugin-kit and may be impacted: - @2digits/eslint-config =2.6.0, =2.2.9, =0.0.133, =1.23.46, =2.0.1, =20240910.35.32, =13.2.8, =2024.3.44, =2024.3.45 -...
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Crafting a very large and well crafted string can increase the CPU usage and crash the program. POC js const ConfigCommentParser = require"@eslint/plugin-kit"; var str = ""; for var i = 0; i 1000000; i++ str += " "; str += "A"; console.log"start" var parser = new ConfigCommentParser;...
GHSA-7Q7G-4XM8-89CQ Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Crafting a very large and well crafted string can increase the CPU usage and crash the program. POC js const ConfigCommentParser = require"@eslint/plugin-kit"; var str = ""; for var i = 0; i 1000000; i++ str += " "; str += "A"; console.log"start" var parser = new ConfigCommentParser;...
@2digits/eslint-config (>=2.6.0 <=2.7.0), @2digits/eslint-plugin (>=2.2.9 <=2.3.0) +37 more potentially affected by CVE-2024-21539 via @eslint/plugin-kit (=0.1.0)
@eslint/plugin-kit NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @eslint/plugin-kit and may be impacted: - @2digits/eslint-config =2.6.0, =2.2.9, =0.0.133, =1.23.46, =2.0.1, =20240910.35.32, =13.2.8, =2024.3.44, =2024.3.45 -...
Regular Expression Denial of Service (ReDoS)
Overview @eslint/plugin-kit is an Utilities for building ESLint plugins. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...
WordPress Plugin Template Kit 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
The vulnerability of the iOS operating system allows a hacker to bypass application validation and install arbitrary extensions.
The vulnerability of the PluginKit component in the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass application validation procedures and install arbitrary extensions using a specially crafted application...