15 matches found
EUVD-2020-0075
Malware in sbrugna...
CVE-2024-54994
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the firstname and lastname parameters in the Add a new relationship feature...
CVE-2024-54999
MonicaHQ v4.1.2 is affected by a Client-Side Injection vulnerability in the General Information module, exploitable via the last_name parameter. The CVE documents indicate low impact to confidentiality and integrity (C:L, I:L) with no availability impact, and no patch/version fix is specified. A ...
CVE-2024-54994
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the firstname and lastname parameters in the Add a new relationship feature...
CVE-2024-54994
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the firstname and lastname parameters in the Add a new relationship feature...
CVE-2024-54994
MonicaHQ v4.1.2 is affected by multiple client-side injection vulnerabilities in the Add a new relationship feature, exploitable via the first_name and last_name parameters. The CVE entry (CVE-2024-54994) lists a CVSS v3.1 base score of 6.5 (Medium) with network attack vector, low complexity, no ...
vantage6-server node accepts non-whitelisted algorithms from malicious server
Impact: A node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a fake parentid and send a task of a non-whitelisted algorithm. The node will then execute it because the parentid that is set prevents checks from bein...
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Impact: As a part of this vulnerability, user was able to se code using __proto__ as a tag or attribute name. const { XMLParser, XMLBuilder, XMLValidator } = require("fast-xml-parser"); let XMLdata = "hacked"; const parser = new XMLParser(); let jObj = parser.parse(XMLdata); console.log(jObj.polluted) // should...
CVE-2022-29649
Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability...
Cross site scripting
Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2022-29649
Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2022-29649
CVE-2022-29649 affects Qsmart Next version 4.1.2 with a cross-site scripting (XSS) vulnerability. The NVD entry lists CVSS‑3.1: base 6.1 (NETWORK, LOW attack complexity, NONE privileges, UI REQUIRED, CHANGED scope; confidentiality/integrity LOW, availability NONE). Exploitation details are not pr...
Arbitrary File Deletion Vulnerability in ECShop v4.1.2
ECShop is a B2C independent online store system, suitable for businesses and individuals to quickly build a personalized online store. ECShop v4.1.2 has an arbitrary file deletion vulnerability that can be exploited by attackers to delete arbitrary folders...
CVE-2020-5262
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master + develop branches of the...
Buffer overflow
There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request...