Lucene search
14 matches found

RedhatCVE
added 2026/01/09 8:41 a.m. | 9 views

CVE-2022-0236

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVSS 7.5 | AI score 6.1 | EPSS 0.04284
Exploits: 2 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-0130

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01187
Exploits: 1 | References: 6
RedhatCVE
added 2025/05/22 4:51 p.m. | 4 views

CVE-2020-8421

An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in comactionlogs...

CVSS 6.1 | AI score 6 | EPSS 0.0096
Exploits: 0 | References: 1
Snyk
added 2025/04/25 3:2 p.m. | 29 views

Arbitrary Code Injection

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the template rendering engine. An attacker can execute arbitrary code on the server by injecting malicious code into templates that are then executed by the serve...

CVSS 10 | AI score 8 | EPSS 0.99734
Exploits: 13 | References: 2
PyPA
added 2024/02/26 4:28 p.m. | 7 views

PYSEC-2024-40

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

CVSS 7.5 | AI score 7 | EPSS 0.01187
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2024/02/25 12:0 a.m. | 2 views

PT-2024-21907 · Orjson · Orjson

Name of the Vulnerable Software and Affected Versions: orjson versions prior to 3.9.15
Description: The issue is related to the orjson.loads function in orjson, which does not limit recursion for deeply nested JSON documents. This can lead to potential exploitation.
Recommendations: For versions...

CVSS 7.5 | AI score 6.8 | EPSS 0.01187
Exploits: 1 | References: 14
NCSC
added 2023/04/11 12:0 a.m. | 2 views

Vulnerability fixed in Node.js vm2

A vulnerability has been fixed in vm2. vm2 is a package for Node.js and provides a sandbox environment for running untrusted code. The vulnerability allows a malicious party to break out of the sandbox and thus execute code on the system on which vm2 is running. The way the vulnerability can b...

CVSS 10 | AI score 7.4 | EPSS 0.63207
Exploits: 1
OSV
added 2023/04/07 8:35 p.m. | 1 views

GHSA-7JXR-CG7F-GPGV vm2 vulnerable to sandbox escape

vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors.

- vm2 version: 3.9.14
- Node version: 18.15.0, 19.8.1, 17.9.1

Impact: A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the...

CVSS 9.8 | AI score 7.8 | EPSS 0.63207
Exploits: 1 | References: 6
Vulnrichment
added 2023/04/06 7:18 p.m. | 8 views

CVE-2023-29017 vm2 Sandbox Escape vulnerability

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code...

CVSS 10 | AI score 10 | EPSS 0.63207
Exploits: 1 | References: 4
OSV
added 2022/01/18 5:15 p.m. | 2 views

CVE-2022-0236

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVSS 7.5 | AI score 7 | EPSS 0.04284
Exploits: 2 | References: 3
NVD
added 2022/01/18 5:15 p.m. | 14 views

CVE-2022-0236

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVSS 7.5 | EPSS 0.04284
Exploits: 2 | References: 3
Prion
added 2022/01/18 5:15 p.m. | 24 views

Design/Logic Flaw

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpieprocessfiledownload found in the /includes/classes/class-wpie-general.php file. This made it possible for...

CVSS 5 | AI score 7.3 | EPSS 0.04284
Exploits: 2 | References: 3 | Affected Software: 2
CNVD
added 2020/03/13 12:0 a.m. | 2 views

Joomla! cross-site scripting vulnerability (CNVD-2020-21001)

Joomla! is an open-source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. A cross-site scripting vulnerability exists in Joomla! versions 3.0.0 through 3.9.15. The vulnerability stems from a lack of proper validation of...

CVSS 6.1 | AI score 6.4 | EPSS 0.0096
Exploits: 0 | References: 1
Cvelist
added 2020/01/28 8:58 p.m. | 10 views

CVE-2020-8419

An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities...

AI score 8.8 | EPSS 0.00452
Exploits: 0 | References: 1