Lucene search
+L

171 matches found

OSV
OSV
added 2026/02/03 8:49 p.m.4 views

GHSA-XQG6-98CW-GXHQ Prototype Pollution via FormData Processing in Qwik City

Summary A Prototype Pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails to sanitize dangerous property names like proto, constructor, and...

9.3CVSS5.6AI score0.00624EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/02/03 8:47 p.m.8 views

qwik-lottie (>=0.0.5 <=0.0.6), storybook-framework-qwik (>=0.0.1 <=0.0.4) potentially affected by CVE-2026-25148 via @builder.io/qwik-city (>=0.0.112 <=0.0.128)

@builder.io/qwik-city NPM version =0.0.112, =0.0.5, =0.0.1, =0.0.4 Source cves: CVE-2026-25148 Source advisory: OSV:GHSA-M6JQ-G7GQ-5W3C...

6.1CVSS5.8AI score0.00307EPSS
Exploits0
OSV
OSV
added 2026/02/03 8:47 p.m.5 views

GHSA-M6JQ-G7GQ-5W3C Qwik SSR XSS via Unsafe Virtual Node Serialization

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

5.3CVSS6AI score0.00307EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/03 8:47 p.m.9 views

Qwik SSR XSS via Unsafe Virtual Node Serialization

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

6.1CVSS6AI score0.00307EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Qwik 跨站请求伪造漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.12.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from spelling errors in regular expressions, resulting in incorrect parsing of certain Content-Type headers...

7.1CVSS5.7AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6447

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

5.3CVSS6AI score0.00307EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.22 views

PT-2026-6274

Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.19.0 Description An Open Redirect issue exists in Qwik City’s default request handler middleware. This allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation could allow...

6.9CVSS5.7AI score0.00237EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.2 views

PT-2026-6399

Summary Description An Open Redirect CWE-601 vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convincing phishing links that appear to originate from t...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-6276

Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.19.0 Description Qwik City’s server-side request handler inconsistently interprets HTTP request headers. This can be exploited by a remote attacker to bypass Cross-Site Request Forgery CSRF protections on forms using...

5.9CVSS5.6AI score0.00159EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.11 views

Qwik 输入验证错误漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from an open redirection vulnerability in the default request handler middleware, which could allow a remote attacker to...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.11 views

Qwik 跨站请求伪造漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from inconsistent interpretation of HTTP request headers by the server-side request processing logic, allowing remote attackers t...

5.9CVSS5.8AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.13 views

PT-2026-6277

Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.12.0 Description Qwik is a javascript framework. A regular expression typo within the isContentType function causes incorrect parsing of certain Content-Type headers. Recommendations Update to version 1.12.0 or later...

7.1CVSS5.4AI score0.00129EPSS
Exploits0References18
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Qwik 跨站脚本漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from server-side rendering of virtual property serialization, which allowed remote attackers to inject arbitrary web scripts...

6.1CVSS5.8AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-6499

Summary A Prototype Pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails to sanitize dangerous property names like proto , constructor, and...

9.3CVSS5.7AI score0.00624EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

Qwik 安全漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.0 contained security vulnerabilities. These vulnerabilities stemmed from a prototype pollution vulnerability in the formToObj function, which could allow unauthenticated attackers to contaminate Object.prototype,...

10CVSS5.8AI score0.00624EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-6275

Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.19.0 Description Qwik is a performance focused javascript framework. A prototype pollution issue exists in the formToObj function within the @builder.io/qwik-city middleware. The function processes form field names usi...

9.3CVSS5.5AI score0.00624EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.10 views

CVE-2024-41677

Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the render-ssr.ts file. It sometimes...

6.3CVSS5.8AI score0.00497EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-1288

Malware in sbrugna...

7.5CVSS6.4AI score0.0246EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-20869

Malicious code in bioql PyPI...

9.2CVSS6.4AI score0.00304EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2023-1261

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00269EPSS
Exploits1References6
Rows per page
Query Builder