9 matches found

Nuclei
added 2026/04/28 1:48 p.m. | 133 views

mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that use the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

CVSS 9.9 | AI score 9.3 | EPSS 0.94352
Exploits: 3 | References: 5
OSV
added 2026/03/06 4:13 p.m. | 2 views

CVE-2026-29064 Zarf: Symlink targets in archives are not validated against destination directory

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

CVSS 8.2 | AI score 5.8 | EPSS 0.00029
Exploits: 1 | References: 4
CNNVD
added 2025/08/05 12:0 a.m. | 2 views

Russh Security Vulnerability

Russh is a Rust SSH client-side and server-side library from the individual developers at Eugene. A security vulnerability exists in Russh 0.54.0 and earlier versions that stems from improper handling of SSH protocol channel window adjustment messages, which could lead to an integer overflow...

CVSS 6.5 | AI score 6.4 | EPSS 0.00365
Exploits: 1 | References: 2
Github Security Blog
added 2019/12/30 7:30 p.m. | 133 views

Remote Code Execution Vulnerability in NPM mongo-express

Impact Remote code execution on the host machine by any authenticated user. Proof Of Concept Launching mongo-express on a Mac, pasting the following into the "create index" field will pop open the Mac calculator: javascript this.constructor.constructor"return...

CVSS 9.9 | AI score 9.4 | EPSS 0.94352
Exploits: 3 | References: 9 | Affected Software: 1
OSV
added 2019/12/30 7:30 p.m. | 25 views

GHSA-H47J-HC6X-H3QQ Remote Code Execution Vulnerability in NPM mongo-express

Impact Remote code execution on the host machine by any authenticated user. Proof Of Concept Launching mongo-express on a Mac, pasting the following into the "create index" field will pop open the Mac calculator: javascript this.constructor.constructor"return...

CVSS 9.9 | AI score 9.4 | EPSS 0.94352
Exploits: 3 | References: 9
CNVD
added 2019/12/26 12:0 a.m. | 4 views

mongo-express code execution vulnerability

mongo-express is a lightweight web-based management interface for interactively managing MongoDB databases. A security vulnerability exists in mongo-express versions prior to 0.54.0. An attacker can exploit this vulnerability to execute code with the help of an endpoint using the toBSON method...

CVSS 9.9 | AI score 9.3 | EPSS 0.94352
Exploits: 3 | References: 1
CNVD
added 2017/06/06 12:0 a.m. | 2 views

Poppler Memory Leak Vulnerability

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. A memory leak vulnerability exists in the 'gmalloc' function of the gmem.cc file in Poppler version 0.54.0. An attacker can exploit this vulnerability to cause a denial of service with the help of a...

CVSS 6.5 | AI score 6.7 | EPSS 0.01046
Exploits: 0 | References: 1
CNVD
added 2017/06/06 12:0 a.m. | 1 views

Poppler memory leak vulnerability (CNVD-2017-08553)

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. A memory leak vulnerability exists in the 'Object::initArray' function of the Object.cc file in Poppler version 0.54.0. An attacker can exploit this vulnerability to cause a denial of service with th...

CVSS 6.5 | AI score 6.7 | EPSS 0.01046
Exploits: 0 | References: 1
OSV
added 2017/05/19 4:29 p.m. | 1 views

DEBIAN-CVE-2017-9083

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perftest utility will crash with a segmentation fault when parsing an invalid PDF file...

CVSS 6.5 | AI score 7 | EPSS 0.00676
Exploits: 1 | References: 1