8 matches found
built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)
math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: SNYK:JS-MATHCODEGEN-16420747...
CVE-2026-30861 WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution RCE vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...
@extplug/cors-proxy (>=1.0.0 <=1.0.1), @ir-engine/server-core (=1.6.0) +34 more potentially affected by CVE-2020-36851 via cors-anywhere (>=0.2.5 <=0.4.4)
cors-anywhere NPM version =0.2.5, =1.0.0, =0.0.7, =0.1.0, =0.13.0, =0.0.19, =0.5.0, =0.5.0, =1.0.0, =1.2.0, =1.1.0, =4.0.0, =5.0.0 and more Source cves: CVE-2020-36851 Source advisory: SNYK:JS-CORSANYWHERE-13109647...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1168)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1168 advisory. Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory...
WordPress Tainá plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Theme Tainá versions 0.2.5...
10chars-test (>=1.0.0 <=1.0.34), 128981semzub (=1.0.1) +1463 more potentially affected by CVE-2024-45296 via path-to-regexp (>=0.2.5 <=1.8.0)
path-to-regexp NPM version =0.2.5, =1.0.0, =4.0.61, =4.0.61, =4.0.61, =0.0.3, =0.0.1, =1.1.11, =2.0.0, =0.0.1, =1.0.0, =3.3.9-patch.1, =3.0.0, =3.0.3 and more Source cves: CVE-2024-45296 Source advisory: OSV:GHSA-9WV6-86V2-598J...
CVE-2023-42444 phonenumber panics on parsing crafted RF3966 inputs
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions 0.3.3+8.13.9 and 0.2.5+8.11.3, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber,...
CVE-2022-39352
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...