8 matches found
Malicious code in @beyondbday/vibe-terminal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9859c1af428f41ba7f7eb2a1db744705f5644ff2422629d94e3de1ecb59c9405 On every launch of the vibe CLI, dist/vibe.js queries the npm registry for the latest version of @beyondbday/vibe-terminal and, if newer than the...
CVE-2025-67732
Dify (open-source LLM app platform) prior to v1.11.0 exposes API keys in plaintext to the frontend, allowing non-administrator users to view and reuse them. This can enable unauthorized access to third‑party services and potential quota abuse. A fix is available in v1.11.0 or later.
CVE-2021-41390
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...
CVE-2021-41390
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...
CVE-2021-41390
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...
CVE-2021-41390
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...
Input validation
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...
Ericsson ECM 注入漏洞
Ericsson Ecm is a cloud manager from Ericsson Sweden. A security vulnerability exists in Ericsson ECM versions prior to 18.0 that stems from the fact that in Ericsson ECM prior to 18.0, the security provider endpoint in the user profile management section is vulnerable to CSV injection...