PT-2025-41599
Name of the Vulnerable Software and Affected Versions: Happy DOM versions 19 and lower. Description: Happy DOM, a JavaScript implementation of a web browser without a graphical user interface, contains a security issue that could lead to Remote Code Execution (RCE) attacks. The Node.js VM Context with...
CVE-2020-4045
SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...
Malicious code in @kp-admin/main (npm)
Source: ossf-package-analysis e5dc03ae8edb86b5c5bd3968c80bda004a2d31b59095717c3ca8d4f6c1a9a553. The OpenSSF Package Analysis project identified '@kp-admin/main' @ 20.0.0 (npm) as malicious. It is considered malicious because: - The package...
Cross-site Scripting in electron-pdf
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1648
CVE-2024-1648 affects electron-pdf 20.0.0. The vulnerability stems from the application not validating user-supplied HTML content, enabling a remote attacker to read arbitrary local files. Root cause identified as improper HTML content validation. Impact is described as remote local-file access; ...
Electron-PDF Security Vulnerability
Electron-PDF is a command-line tool maintained by the individual developer Fraser Xu. A security vulnerability exists in Electron-PDF version 20.0.0 that stems from a failure to validate user-supplied HTML content, allowing an attacker to obtain arbitrary local files...
PT-2024-18195
Name of the Vulnerable Software and Affected Versions: electron-pdf version 20.0.0. Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. Recommendations: For...
Malicious code in afterpay-sdk-example-server (npm)
Source: ossf-package-analysis 555a159aa3b74ea73f8574c05e14aa536948cbe56b0420bcdcc0daa2a911ae2c. The OpenSSF Package Analysis project identified 'afterpay-sdk-example-server' @ 20.0.0 (npm) as malicious. It is considered malicious because: - T...
Design/Logic Flaw
A flaw was found in WildFly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before WildFly 20.0.0.Final are affected...
Unspecified Vulnerability in Nextcloud
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in versions of Nextcloud Server prior to 20.0.0 that stems from the storage password being kept in a recoverable format, even if external storag...
Bitrix24 Web Application Firewall Cross-Site Scripting Vulnerability
Bitrix24 is a suite of enterprise social platforms from Bitrix, USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). Web Application Firewall is one of its components. A cross-site scripting vulnerability...
PT-2020-12305 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: WildFly versions prior to 20.0.0.Final. Description: A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to a lack of validation/filtering capabilities in WildFly. This issue allows for a potential attack...
CVE-2020-4045 Information disclosure in SSB-DB
SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...
Oracle GraalVM Enterprise Edition Unauthorized Access Vulnerability (CNVD-2020-26995)
Oracle GraalVM is a just-in-time compiler suite written in the Java language from Oracle, USA. A security vulnerability exists in the Tools component of Oracle GraalVM Enterprise Edition versions 19.3.1 and 20.0.0. An attacker could exploit the vulnerability t...