@maslowai/roster (=3.14.0), drafted (>=1.1.3 <=1.7.17) potentially affected by CVE-2026-42349 via @clerk/express (>=2.0.8 <=2.1.15)

@clerk/express NPM version =2.0.8, =1.1.3, =1.7.17 Source cves: CVE-2026-42349 Source advisory: OSV:GHSA-W24R-5266-9C3C...

CVE-2019-16236

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala...

Malicious code in hyatt-residential-roster (npm)

Package is malware. Collects and exfiltrates sensitive data to an external server. Suspicious install scripts execute the same script multiple times. The package communicates with a domain associated with malicious activity...

MAL-2025-48691 Malicious code in hyatt-residential-roster (npm)

Package is malware. Collects and exfiltrates sensitive data to an external server. Suspicious install scripts execute the same script multiple times. The package communicates with a domain associated with malicious activity...

EUVD-2021-13582

Malware in sbrugna...

EUVD-2016-10715

Malware in sbrugna...

EUVD-2006-6833

Malware in sbrugna...

EUVD-2004-2381

Malware in sbrugna...

EUVD-2019-7043

Malware in sbrugna...

EUVD-2016-2939

Malware in sbrugna...

EUVD-2015-8565

Malware in sbrugna...

CVE-2024-33850

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...

CVE-2024-51850

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through = 0.5.5...

CVE-2021-26795

A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management...

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

Autolab 安全漏洞

Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A security vulnerability exists in Autolab 3.0.2 and prior versions that stems from the ability of users to change their first or last name, which could lead to the disclosu...

PT-2024-35698 · Autolab · Autolab

Name of the Vulnerable Software and Affected Versions: Autolab affected versions not specified Description: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When ...

CVE-2024-51850

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through = 0.5.5...

CVE-2024-51850 WordPress WoW Guild Armory Roster plugin <= 0.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through = 0.5.5...