1738 matches found
CVE-2020-16164
An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509...
CVE-2020-16162
An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates...
CVE-2020-11629
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...
CVE-2020-4070
In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9...
CVE-2020-17479
jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array...
Malicious code in chain-validator (PyPI)
MAL-2025-4209 Malicious code in chain-validator (PyPI)
CVE-2019-1010306
Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after...
CVE-2019-19507
In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to...
CVE-2019-16929
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...
CVE-2017-11365
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator...
Malicious code in evm-validator (npm)
Source: ghsa-malware 494cc8b639f73ed70f7e4ee37496ef90ce35133711784f16e856e73ee4badb06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4051 Malicious code in evm-validator (npm)
Source: ghsa-malware 494cc8b639f73ed70f7e4ee37496ef90ce35133711784f16e856e73ee4badb06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Privilege Chaining
Overview: Affected versions of this package are vulnerable to Privilege Chaining via the project secret validation process. An attacker can escalate privileges and potentially gain control over seed clusters by bypassing the intended security restrictions. Remediation: Upgrade...
Malicious code in fireblocks-netlink-v2-api-validator (npm)
Source: ossf-package-analysis 482068c6f9b5d8fd2076ed53124eac7c2d6c5e4237390c3280188cfaa7ad6554 The OpenSSF Package Analysis project identified 'fireblocks-netlink-v2-api-validator' @ 2.0.2 (npm) as malicious. It is considered malicious...
Malicious code in node-validator-ts (npm)
Source: ghsa-malware b2e959ea4d60fa68cfd23f7e2fee922a263bcdfbee4e19662eca073135680b91 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4012 Malicious code in node-validator-ts (npm)
Source: ghsa-malware b2e959ea4d60fa68cfd23f7e2fee922a263bcdfbee4e19662eca073135680b91 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source...
Malicious code in node-crypto-validator (npm)
Source: ghsa-malware 7d77d3f937a0c6f4071e5688241c3222eeb62c0033c93c981570e554400b14d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...