Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is that it.....
9.1CVSS
9AI Score
0.009EPSS
The package min-dash before 3.8.1 are vulnerable to Prototype Pollution via the set method due to missing enforcement of key...
7.5CVSS
7.4AI Score
0.006EPSS