1179 matches found
GHSA-G2H5-CVVR-7GMW esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header
Summary A path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s...
Log Injection
Overview io.jenkins.lib:support-log-formatter is a Java logging formatter extracted to a standalone library. Affected versions of this package are vulnerable to Log Injection in the transformMessage function. An attacker can control log message contents by inserting line break characters CR, LF a...
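The entry above describes log injection through CR/LF in a caller-controlled message. The following is an added example, not code from support-log-formatter (which is Java): a JavaScript formatter in the vulnerable style beside one that neutralizes control characters, plus a record counter a log consumer can use to detect a forged second line. The timestamp, log layout and the injected string are constructed for the example.

```javascript
// Constructed attacker-controlled value: a LF followed by a forged record.
const INJECTED = 'login failed for user bob\n2025-01-01T00:00:01Z INFO  login ok for user admin';

// Fixed timestamp so the example is deterministic (a real formatter uses the record's time).
const TS = '2025-01-01T00:00:00Z';

// Vulnerable formatter: the message is embedded verbatim, so the embedded LF
// starts what looks like a second, legitimate record.
function formatUnsafe(level, msg) {
  return `${TS} ${level.padEnd(5)} ${msg}`;
}

// Neutralize control characters: CR, LF and TAB become visible escapes, any other
// C0/DEL byte becomes \xNN, so one call always yields exactly one physical line.
function neutralize(msg) {
  const named = { '\r': '\\r', '\n': '\\n', '\t': '\\t' };
  return String(msg).replace(/[\x00-\x1f\x7f]/g, (c) =>
    named[c] || '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Hardened formatter: same layout, message neutralized first.
function formatSafe(level, msg) {
  return `${TS} ${level.padEnd(5)} ${neutralize(msg)}`;
}

// Detector a log consumer can apply: how many physical records does one formatter call emit?
function recordCount(entry) {
  return entry.split(/\r\n|\r|\n/).length;
}
```

Escaping rather than stripping keeps the evidence of the attempt visible in the log line, which is what an analyst wants when reviewing the entry later.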
CVE-2022-50341 cifs: fix oops during encryption
In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR =...
Malicious Package
Overview transform-remove-console is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2025-47354 Malicious code in transform-remove-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34def0802df34551bb9471a5204d7188e0b1d20db136c605b706bd98166df2d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux kernel security vulnerability
The Linux kernel is the kernel of the open-source Linux operating system, maintained under the Linux Foundation (United States). A security vulnerability exists in the Linux kernel that stems from a missing null-pointer check in the xfrm_update_ae_params function, which could lead to a null pointer...
CVE-2025-39797
CVE-2025-39797 concerns duplicate SPI handling in the Linux kernel xfrm subsystem. The vulnerability arises when Strongswan issues an XFRM_MSG_ALLOCSPI request: xfrm_alloc_spi() can return success for an SPI that is already in use, so multiple inbound SAs end up sharing the same SPI (distinguished only ...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2025-55004: Fixed heap buffer over-read in ReadOneMNGImage when processing images with separate alpha channels (bsc#1248076). CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077)...
Linux Distros Unpatched Vulnerability : CVE-2022-35093
The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. (CVE-2022-35093) Note that Nessus...
GHSA-QHXP-V273-G94H sanitize-html is vulnerable to XSS through incomprehensive sanitization
sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...
CVE-2019-25225
sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...
CVE-2019-25225
The CVE-2019-25225 entry has concrete details in connected documents: sanitize-html (pre-2.0.0-beta) is vulnerable to XSS when using the custom transformTags option. The vulnerability originates in sanitizeHtml() in index.js, which does not sanitize content under transformTags, allowing transform...
Apostrophe sanitize-html security vulnerability
Apostrophe sanitize-html is a library from Apostrophe (USA). It cleans up user-submitted HTML, keeping only whitelisted elements and, per element, whitelisted attributes. A security vulnerability exists in Apostrophe sanitize-html prior to version 2.0.0-beta, which stems from the sanitizeHtml...
PT-2025-36452
Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 2.0.0-beta Description: The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. This allows malicious...
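The GHSA-QHXP-V273-G94H / CVE-2019-25225 entries above all describe the same defect: a transformTags transform turns an attribute value into text, and before 2.0.0-beta sanitizeHtml inserted that text without sanitizing it. The following is an added example, not sanitize-html's code: a toy renderer applies a transform of that shape with and without HTML-escaping the returned text, on a constructed `<a>` whose href carries markup. The `{tagName, attribs, text}` return shape is assumed from the library's documented transformTags API; the element is pre-parsed so the example runs stand-alone.

```javascript
// Minimal HTML text escaper (the five characters that matter in text and attribute context).
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// A transform in the style of sanitize-html's transformTags: turn an <a> into a
// <span> whose visible text is the link's href attribute.
function hrefToText(tagName, attribs) {
  return { tagName: 'span', attribs: {}, text: attribs.href || '' };
}

// Toy renderer for one already-parsed element. escapeText=false models the
// pre-2.0.0-beta behaviour the advisories describe (returned text inserted raw).
function renderWithTransform(el, transform, escapeText) {
  const out = transform(el.tagName, el.attribs);
  const text = escapeText ? escapeHtml(out.text) : out.text;
  return `<${out.tagName}>${text}</${out.tagName}>`;
}

// Check: does the output contain any tag other than the <span> the transform intended?
function hasUnexpectedTag(html) {
  return /<(?!\/?span\b)[a-z]/i.test(html);
}

// Constructed sample (assumed, not from the advisories): the attacker controls the href.
const SAMPLE = { tagName: 'a', attribs: { href: '<img src=x onerror=alert(1)>' } };

// Render the same element both ways for comparison.
function compare() {
  return {
    vulnerable: renderWithTransform(SAMPLE, hrefToText, false),
    hardened: renderWithTransform(SAMPLE, hrefToText, true),
  };
}
```

The point generalizes beyond href: any attribute value promoted into element text must be treated as untrusted text and escaped, regardless of whether the attribute itself was on the allow-list.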