LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in Lib ...……

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in Lib ...……

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the ...……

A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an atta ...……

A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted t ...……

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.……

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060.……

The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.……

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager.……

Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome ...……

Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.……

Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.……

Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.……

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……

A flaw was found in Openstack manilla owning a Ceph File system share, which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the volumes p ...……

The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.……

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.……

All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality.……

This affects all versions of package node-import. The params argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located i ...……

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sani ...……

This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.……

This affects the package properties-reader before 2.2.0.……

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can ...……

This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be ...……

This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.……

This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.……

This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)……

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.……

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.……

This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.……

This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This c ...……

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js……

This affects all versions of package google-cloudstorage-commands.……

This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js.……