20 matches found
CVE-2023-46480
OwnCast v0.1.1 contains a remote code execution vulnerability exploitable via the authHost parameter in the indieauth function. Public sources (NVD/Red Hat/Veracode/GHSA) describe an in-the-wild risk with high impact, including arbitrary code execution and disclosure of sensitive information. The...
Ethereum Blockchain Security Breach
Ethereum Blockchain is a decentralized open source public blockchain platform with smart contract capabilities from the Ethereum Foundation. A security vulnerability exists in Ethereum Blockchain version v0.1.1+commit.6ff4cd6, which stems from the presence of an integer overflow vulnerability tha...
CVE-2020-26710
easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26710
CVE-2020-26710 affects the Python package easy-parse v0.1.1. Affected component: XML parsing logic that is vulnerable to XML External Entity Injection (XXE). Underlying cause: improper handling of external entities in XML processing, enabling an attacker to execute arbitrary code via a crafted XM...
`Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses
An issue was discovered in the `Versionize::deserialize` implementation provided by the versionize crate for `vmm_sys_util::fam::FamStructWrapper`, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that...
repo-git-downloader denial-of-service vulnerability
repo-git-downloader is a tool for downloading git repositories. repo-git-downloader v0.1.1 contains a denial of service vulnerability, which stems from the presence of improper regular expressions and can be exploited by attackers to cause a denial of service (DoS) attack...
CVE-2021-40899
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories...
CVE-2021-40895
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements...
CVE-2021-40895
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements...
Denial of service
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements...
CVE-2021-40893
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails...
Denial of service
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails...
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...
Improper access control
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...
CVE-2019-15603
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing...
Cross site scripting
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing...
CVE-2019-15603
CVE-2019-15603 affects the seefl package v0.1.1, which is vulnerable to a stored XSS via a malicious filename rendered in a directory listing. The root cause is file and directory names being embedded into HTML attributes and link text without proper escaping, enabling an attacker to inject HTML/...
CVE-2019-15603
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing...
Cross site scripting
Persistent XSS Vulnerability in WordPress plugin AnyVar v0.1.1...
CVE-2017-6103
CVE-2017-6103 affects the WordPress AnyVar plugin (v0.1.1). Connected sources describe a stored/persistent XSS vulnerability in AnyVar that can lead to execution of arbitrary script in a user’s browser and, per CNVD, potentially access cookie-based credentials. Exploitation details are not provid...