Lucene search

22 matches found

Veracode, added 2025/05/29 2:36 a.m., 7 views

Path Traversal

@supabase/auth-js is vulnerable to Path Traversal. The vulnerability is due to missing UUID validation on user-supplied inputs, which allows an attacker to manipulate URL paths and invoke unintended API functions...

CVSS 6.9, AI score 6.6, EPSS 0.002
Exploits: 0, References: 4, Affected software: 1
RedhatCVE, added 2025/05/22 4:51 p.m., 4 views

CVE-2020-8298

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods...

CVSS 10, AI score 7.3, EPSS 0.0417
Exploits: 1, References: 1
Cvelist, added 2025/05/19 1:25 a.m., 21 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

CVSS 7.5, EPSS 0.00302
Exploits: 0, References: 1
Veracode, added 2024/06/19 5:49 a.m., 13 views

Prototype Pollution

@cdr0/sg is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-supplied inputs within ref.js, specifically allowing manipulation of the `__proto__` and `constructor.prototype` properties. This allows attackers to alter the behavior of all objects inheriting from the...

CVSS 9.8, AI score 7.5, EPSS 0.00124
Exploits: 0, References: 3, Affected software: 1
Veracode, added 2023/05/26 8:42 a.m., 14 views

Out-of-bounds Read

libgpac.so is vulnerable to Out-of-bounds Reads. The vulnerability exists in the GFErr gffiltergetstats function of filtersession.c due to insufficient checks on user-supplied inputs, which allows an attacker to cause Out-of-bounds Reads, resulting in a system crash or sensitive information...

CVSS 9.1, AI score 6.5, EPSS 0.00093
Exploits: 1, References: 5, Affected software: 2
Veracode, added 2022/09/27 6:46 a.m., 13 views

Content Spoofing

rdiffweb is vulnerable to content spoofing. An attacker can deliver professionally crafted visual defacements to the right recipients convincingly and provide misleading information to the victims due to improper processing and rendering of user-supplied inputs...

CVSS 2.4, AI score 4.5, EPSS 0.00267
Exploits: 1, References: 3, Affected software: 1
0day.today, added 2022/06/09 12:00 a.m., 122 views

WordPress Download Manager 3.2.42 Cross Site Scripting Vulnerability

Description: Reflected Cross-Site Scripting Affected Plugin: Download Manager Plugin Slug: download-manager Plugin Developer: codename065 Affected Versions: = 3.2.42 CVE ID: CVE-2022-1985 CVSS Score: 6.1 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Researcher/s: Rafie Muhammad...

CVSS 6.1, AI score 6.3, EPSS 0.00307
Exploits: 3
WPVulnDB, added 2021/10/20 12:00 a.m., 22 views

Sassy Social Share 3.3.23 - Missing Access Controls to PHP Object Injection

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wpajaxheateorsssimportconfig AJAX action due to a missing capability check in the importconfig function found in the /admin/class-sassy-social-share-admin.php file along with the implementation...

CVSS 8.8, AI score 1.4, EPSS 0.01537
Exploits: 2, References: 1, Affected software: 1
CNVD, added 2021/04/22 12:00 a.m., 5 views

Cisco SD-WAN vManage Parameter Injection Vulnerability

Cisco SD-WAN vManage is software from Cisco that provides software-defined networking capabilities and a way to virtualize the network. A parameter injection vulnerability exists in Cisco SD-WAN vManage Software that stems from improper validation of user-supplied device...

CVSS 6.5, AI score 6.9, EPSS 0.00397
Exploits: 0, References: 1
OSV, added 2021/03/04 8:15 p.m., 15 views

CVE-2020-8298

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods...

CVSS 9.8, AI score 7.3, EPSS 0.0417
Exploits: 1, References: 3
NVD, added 2021/03/04 8:15 p.m., 11 views

CVE-2020-8298

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods...

CVSS 10, EPSS 0.0417
Exploits: 1, References: 3
Prion, added 2021/03/04 8:15 p.m., 14 views

Command injection

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods...

CVSS 10, AI score 9.7, EPSS 0.0417
Exploits: 1, References: 3, Affected software: 1
Cvelist, added 2021/03/04 7:09 p.m., 20 views

CVE-2020-8298

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods...

AI score 9.8, EPSS 0.0417
Exploits: 1, References: 3
Huntr, added 2019/11/02 12:00 a.m., 86 views

Code Injection in mateodelnorte/meta-git

Description: The meta-git module is vulnerable to command injection, since the user-supplied inputs are concatenated with a command which is executed without validation. POC: 1. Create a new directory and insert some test files: bash mkdir tests cd tests touch test touch secret touch files 2...

AI score 1.1
Exploits: 0
Hacker One, added 2019/09/13 3:15 p.m., 13 views

Node.js third-party modules: [create-git] RCE via insecure command formatting

The create-git NPM module was vulnerable to command injection, which was possible since some user-supplied inputs were concatenated without proper checks inside an exec call, which made it possible to execute arbitrary commands besides the git one used by the tool. The PoC resulted in: js...

AI score 2.2
Exploits: 0
Hacker One, added 2019/05/28 6:58 p.m., 12 views

curl: Signed integer overflow in tool_progress_cb()

Summary: Good afternoon curl security! I built this curl from commit 8144ba38c383718355d8af2ed8330414edcbbc83. We discovered a signed integer overflow in tool_progress_cb. Steps To Reproduce: Compiled with the Undefined Behavior Sanitizer enabled. Ran with the following command line: ./curl -q - -T...

AI score 2.7
Exploits: 0
OSV, added 2019/05/01 9:29 p.m., 8 views

CVE-2018-8035

This vulnerability relates to the user's browser processing of DUCC webpage input data. The JavaScript comprising Apache UIMA DUCC = 2.2.2, which runs in the user's browser, does not sufficiently filter user-supplied inputs, which may result in unintended execution of user-supplied JavaScript code...

CVSS 6.1, AI score 7.1
Exploits: 0, References: 3
OpenVAS, added 2015/05/15 12:00 a.m., 49 views

Adobe Acrobat Multiple Vulnerabilities - 01 (May 2015) - Mac OS X

Adobe Acrobat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobat"; ifdescription...

CVSS 10, AI score 6.5, EPSS 0.49312
Exploits: 4, References: 8
Tenable Nessus, added 2015/01/02 12:00 a.m., 20 views

IBM Network Security Protection XGS Remote Code Execution (swg21690823) (credentialed check)

The firmware version installed on the remote IBM XGS appliance does not properly sanitize certain user-supplied inputs, which can allow a remote, authenticated attacker to execute shell commands with the privileges of the 'www-data' user via a standard HTTP request. (C) Tenable Network Security, Inc...

CVSS 4, AI score 8.6, EPSS 0.01274
Exploits: 0, References: 2
OpenVAS, added 2010/08/16 12:00 a.m., 21 views

Pligg Multiple SQL Injection Vulnerabilities

Pligg CMS is prone to multiple SQL injection vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.7, EPSS 0.00706
Exploits: 0, References: 3