20 matches found
[SECURITY] Fedora 44 Update: nodejs-aw-webui-0^20260516.8d9a7f8-1.fc44
A web-based UI for ActivityWatch, built with Vue.js...
PT-2026-38296
Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 2.5.2. Description: The PropertyCard.vue component uses the Vue 3 v-html directive, which injects raw HTML and disables auto-escaping. The isURL function only filters values that parse as http: or https: URLs, allowing...
CVE-2026-41239
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFE_FOR_TEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURN_DOM or RETURN_DOM_FRAGMENT, allowing XSS via...
vuetify Security Vulnerability
vuetify is a material component framework for Vue open-sourced by vuetify Germany. A security vulnerability exists in vuetify version 2.2.0-beta.2 through versions prior to 3.0.0-alpha.10, which stems from prototype pollution in the Preset configuration, which could result in polluting...
Linux Distros Unpatched Vulnerability : CVE-2024-9506
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability. CVE-2024-9506 Note that Nessus...
CVE-2025-30150 Shopware 6 allows attackers to check for registered accounts through the store-api
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as an attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates...
CVE-2025-30150
CVE-2025-30150 affects Shopware 6 platforms. The vulnerability allows an attacker using the store-api to determine whether an email address is registered by querying /store-api/account/recovery-password; responses differentiate between found vs not found accounts, enabling information exposure. ...
CicadasCMS Injection Vulnerability
CicadasCMS is a content management framework based on SpringBoot, Mybatis, SpringSecurity and Vue, developed by westboy, an individual developer in China. An injection vulnerability exists in CicadasCMS version 1.0, which stems from vulnerability to SQL injection attacks...
Exploit for CVE-2025-30208
Blog Recommendations https://w8ay.fun/toc Recently, a po...
CVE-2024-11628
In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection...
Vue Security Vulnerability
Vue is an HTML, CSS, and JS framework open-sourced by Vue. It is used to develop web applications with fine-grained reactivity. Vue suffers from a security vulnerability that stems from vulnerability to cross-site scripting attacks, where an attacker can change the prototype chain of certain...
MAL-2024-3836 Malicious code in @ozon-shared-deps/vue-clipboard2 (npm)
MAL-2024-3837 Malicious code in vue-datadog (npm)
False positive caused by problematic ingestion.
Malicious code in vue2-webviews (npm)
Source: ghsa-malware 95a66e858fcc284e27c0e0ac5e2d76de3b0f6c670ac21a185369832d45f40f5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
IceCMS Security Vulnerability
IceCMS is a content management system based on Spring Boot and Vue, with separated front end and back end. An access control error vulnerability exists in IceCMS v1.0.0, which stems from improper access control in the system and can be exploited by an attacker to cause sensitive information leakage...
vue2-baremetrics-calendar (>=0.1.0 <=1.6.1) potentially affected by CVE-2021-32859 via baremetrics-calendar (=1.0.14)
baremetrics-calendar NPM version =1.0.14 is affected by a known vulnerability. The following packages have a transitive dependency on baremetrics-calendar and may be impacted: - vue2-baremetrics-calendar >=0.1.0, <=1.6.1 Source cves: CVE-2021-32859 Source advisory: OSV:GHSA-465F-MXXH-GRC4...
Gin-Vue-Admin SQL Injection Vulnerability
Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin. Gin-Vue-Admin is vulnerable to SQL injection, which can be exploited by attackers to execute arbitrary SQL statements...
CVE-2022-24744
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3...
CVE-2022-24747 HTTP caching is marking private HTTP headers as public
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. Affected versions of Shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...
CVE-2022-24748 Incorrect Authentication in shopware
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper API route checking. Users are advised to upgra...