CVE-2023-4078

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2020-7605

gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...

Updated leptonica packages fix a security vulnerability

Package leptonica has been updated to the current stable version 1.75.2 which fixes a security issue potential injection attack using gplot rootdir reported in CVE-2018-3836...

ExpressionEngine: Image lib - unescaped file path

Under ./system/ee/legacy/libraries/Imagelib.php There are function from CodeIgniter to manipulate images. The issue is that the PHP function exec is used two times in two different functions: imageprocessimagemagick and imageprocessnetpbm In both cases the fullsrcpath and fulldstpath are given...

PHP WDDX Serializier Data Injection Vulnerability-vulnerability warning-the black bar safety net

PHP WDDX Serializier Data Injection Vulnerability Taoguang Chen - 2014.11.2 PHP in the array is serialized into a WDDX structure of the process, there is no array key name strictly limited, can lead to falsification of the object WDDX structure. i serialize the object PHP in the object is...