
7 matches found

CVE
added 2026/06/06 9:14 a.m., 67 views

CVE-2026-10725

Protocol::HTTP2 for Perl (versions up to 1.12) is vulnerable to an HTTP/2 Bomb. The inbound HPACK path lacks a header-list size limit; headers_decode materialises a full key+value copy per indexed reference with no running size check, and stream_header_block_add appends every CONTINUATION frame u...

CVSS 7.5 | AI score 5.7 | EPSS 0.00414
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2024/06/10 9:35 p.m., 49 views

CVE-2024-37169

CVE-2024-37169 affects the self-hosted tool @jmondi/url-to-png. Versions before 2.0.3 are vulnerable to arbitrary file read when an attacker leverages Playwright’s screenshot feature to abuse the file wrapper. The issue is mitigated in version 2.0.3, which enforces input URLs to be http/https. Th...

CVSS 5.3 | AI score 5.2 | EPSS 0.00529
Exploits: 0 | References: 5
Cvelist
added 2024/06/10 9:35 p.m., 73 views

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

CVSS 5.3 | EPSS 0.00529
Exploits: 0 | References: 5
Vulnrichment
added 2024/06/10 9:35 p.m., 9 views

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

CVSS 5.3 | AI score 6.8 | EPSS 0.00529
Exploits: 0 | References: 5
OSV
added 2024/06/10 9:35 p.m., 17 views

CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

CVSS 5.3 | AI score 6.8 | EPSS 0.00529
Exploits: 0 | References: 7
OSSF Malicious Packages
added 2022/06/20 8:10 p.m., 4 views

Malicious code in protocol-http (npm)

Source: ghsa-malware 1ac7cf1b107d0a039df68b6a90b2dde45d4bad6b65d71ffdd45ab063a1b6c40d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2022/06/20 8:10 p.m., 9 views

MAL-2022-5490 Malicious code in protocol-http (npm)

Source: ghsa-malware 1ac7cf1b107d0a039df68b6a90b2dde45d4bad6b65d71ffdd45ab063a1b6c40d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1