12 matches found
@ranfdev/deepobj has a Prototype Pollution vulnerability
Impact: Prototype pollution is possible when property paths contain `__proto__`/`constructor`/`prototype`. The property path must not be exposed as user input...
PT-2026-41216
Name of the Vulnerable Software and Affected Versions: deepobj versions prior to 1.0.3. Description: Prototype pollution occurs when property paths contain `__proto__`, `constructor`, or `prototype`. This issue arises when property paths are exposed as user input, allowing an attacker to modify the prototype...
EUVD-2026-21064
PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...
CVE-2025-66452
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json includes user input in the error message, which gets reflected in responses. User input including HTML/JavaScript can be exposed in error...
CVE-2025-66452
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json includes user input in the error message, which gets reflected in responses. User input including HTML/JavaScript can be exposed in error...
EUVD-2020-0593
Malware in sbrugna...
PT-2025-23663 · Hibernate +3 · Hibernate Validator +3
CVE-2025-35036 Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expres… https://t.co/002YgA2hEa...
CVE-2025-0055
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able to read this data. Depending on the user input provided in...
CVE-2024-12380
GitLab EE/CE vulnerable in affected releases (11.5–17.7.7; 17.8–17.8.5; 17.9–17.9.2) due to certain user inputs in repository mirroring settings that could expose sensitive authentication information. Impact: potential disclosure of credentials with network access; no user interaction required. E...
AZL-43329 CVE-2024-6345 affecting package python-setuptools for versions less than 69.0.3-4
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
[SECURITY] [DSA 467-1] New ecartis packages fix several vulnerabilities
Debian Security Advisory DSA 467-1, http://www.debian.org/security/, Matt Zimmerman, March 23rd, 2004, http://www.debian.org/security/faq ...
Hole in the Nokia 7110 WAP Browser
The browser stores user input in variables that scripts from other sites can access...