CVE-2025-13209

A weakness has been identified in bestfeng oagitfree up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity...

CVE-2025-13209 bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference

A weakness has been identified in bestfeng oagitfree up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity...

EUVD-2021-2233

Malware in sbrugna...

Prototype pollution vulnerability in 'predefine'

Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution...

access-token (=0.1.1), assign (>=0.1.0 <=0.1.4) +25 more potentially affected by CVE-2020-28280 via predefine (>=0.0.1 <=0.0.6)

predefine NPM version =0.0.1, =0.1.0, =0.0.1, =0.2.1, =0.1.0, =0.0.1, =0.0.0, =0.0.0, =0.0.0, =0.0.1, =0.0.2, =0.0.2, =0.0.2, =0.0.4 and more Source cves: CVE-2020-28280 Source advisory: OSV:GHSA-MX3X-GHQM-R43H...

GHSA-MX3X-GHQM-R43H Prototype pollution vulnerability in 'predefine'

Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution...

Prototype Pollution

predefine is vulnerable to prototype pollution. The vulnerability exists through the lack of sanitization of proto header values...

CVE-2020-28280

Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution...

CVE-2020-28280

Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution...

Remote code execution

Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution...

CVE-2020-28280

Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution...

CVE-2020-28280

The CVE-2020-28280 entry concerns the Node.js package/code path for predefine . Affected versions are 0.0.0 through 0.1.2 , where a prototype pollution vulnerability exists due to unsafe object or prototype handling. The underlying impact, as described in connected documents, includes potential d...

Bigpipe predefine security breach

Bigpipe Predefine is a code library for managing Object.defineProperties objects in the Javascript language by the Bigpipe individual developers. A security vulnerability exists in predefine versions 0.0.0 through 0.1.2 that can be exploited by an attacker to cause a denial of service and...