PT-2023-17305 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.3.3 Description: The issue is related to command injection in the GitHub repository microweber/microweber. Specifically, the "first name" field is vulnerable, allowing for server-side template...

GHSA-V3JV-WRF4-5845 Local Privilege Escalation in npm

Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write t...