23 matches found
CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)
RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get, used by @rvf/core to flatten incoming form data into a nested object, does not block the keys __proto__, constructor, or prototype when walking ...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +223 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=1.0.0 <=6.9.4.1)
ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =1.0.0, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =4.0.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: org.webjars.npm:mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in the...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.8.1), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +222 more potentially affected by CVE-2026-33180 via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=1.0.0 <=6.8.2)
ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =1.0.0, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =4.0.0, =8.8.1 and more Source cves: CVE-2026-33180 Source advisory: OSV:GHSA-P7M9-V2CM-2H7M...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...
UBUNTU-CVE-2025-58188
Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...
EUVD-2008-1193
Malware in sbrugna...
EUVD-2024-1112
Malicious code in bioql PyPI...
EUVD-2023-1576
Malicious code in bioql PyPI...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...
BIT-CODEIGNITER-2023-32692
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...
CVE-2023-32692
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...
Input validation
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...
CVE-2023-32692 Remote Code Execution Vulnerability in Validation Placeholders
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...
CVE-2023-32692
CodeIgniter4 contains a Remote Code Execution vulnerability in the Validation placeholders handled by the Validation library (affecting validation in controllers/models). The issue allows arbitrary code execution and is addressed by upgrading to version 4.3.5 or later. Connected sources corrobora...
GHSA-M6M8-6GQ8-C9FJ Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Impact: This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally...
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Impact: This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally...
CVE-2022-35923 Inefficient Regular Expression Complexity in v8n
v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the lowercase and uppercase regex which could lead to a denial of service attack. In testing of the lowercase function a payload of 'a' + 'a'.repeat(i) + 'A' wit...
v8n security vulnerability
v8n is a JavaScript validation library by the individual developer Bruno C. Couto. A security vulnerability exists in versions of v8n prior to 1.5.1, which stems from the inefficient complexity of its lowercase and uppercase regular expressions and may lead to denial-of-service attacks...