11 matches found
@bassist/eslint-config (>=0.3.0 <=0.5.0), @bassist/oxc-integration (>=0.1.0 <=0.2.0) +10 more potentially affected by unknown CVE via @lint-md/parser (>=0.0.11 <=0.0.9)
@lint-md/parser NPM version =0.0.11, =0.3.0, =0.1.0, =2.0.0, =2.0.0, =2.1.4, =2.1.4, =4.1.0, =1.1.0, =1.19.7, =1.1.0, =1.0.0, =1.3.4, =1.3.5 Source cves: unknown CVE Source advisory: SNYK:JS-LINTMDPARSER-16755088...
Translated Lara Translate MCP Server Command Injection Vulnerability
Translated Lara Translate MCP Server is an open source application from Translated. A command injection vulnerability exists in Translated Lara Translate MCP Server version 0.0.11 and earlier, which stems from insufficient sanitization of input parameters and could lead to a command injection attack...
PT-2024-28308 · Airvertco · Airvertco Frappejs
Name of the Vulnerable Software and Affected Versions: airvertco frappejs version 0.0.11 Description: The issue is related to a prototype pollution vulnerability via the registerView function. This allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary...
CVE-2023-26139
Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”...
generator-hottowel Cross-Site Scripting Vulnerability
generator-hottowel is a Yo generator by individual developer John Papa, used to create Angular applications with HotTowel. A cross-site scripting vulnerability exists in generator-hottowel version 0.0.11, which stems from an issue with unknown functionality in the file app/templates/src/server/app.js ...
PT-2023-10344 · Unknown · Generator-Hottowel
Name of the Vulnerable Software and Affected Versions: generator-hottowel version 0.0.11 Description: A problematic issue was found in the 404 Error Handler component, specifically in the file app/templates/src/server/app.js. This issue leads to cross-site scripting and can be exploited remotely...
Directory Traversal in list-n-stream
Affected versions of list-n-stream resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
GHSA-23VF-5G53-HM9Q Directory Traversal in list-n-stream
Affected versions of list-n-stream resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Fedora 26 : sensible-utils (2017-80c6b4d3be)
Update to version 0.0.11, see http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils/sensible-utils_0.0.11_changelog for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted t...
UBUNTU-CVE-2017-17512
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument...
Marp vulnerable to improper access control in JavaScript execution
Overview: Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files (CWE-284). Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the...