Export limit exceeded: 364053 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364053 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7691 | 1 Parall | 1 Jspdf | 2024-11-21 | 6.3 Medium |
| In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex. | ||||
| CVE-2020-7690 | 1 Parall | 1 Jspdf | 2024-11-21 | 6.1 Medium |
| All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method. | ||||
| CVE-2020-7689 | 1 Node.bcrypt.js Project | 1 Node.bcrypt.js | 2024-11-21 | 5.9 Medium |
| Data is truncated wrong when its length is greater than 255 bytes. | ||||
| CVE-2020-7688 | 1 Mversion Project | 1 Mversion | 2024-11-21 | 8.4 High |
| The issue occurs because tagName user input is formatted inside the exec function is executed without any checks. | ||||
| CVE-2020-7687 | 1 Fast-http Project | 1 Fast-http | 2024-11-21 | 7.5 High |
| This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. | ||||
| CVE-2020-7686 | 1 Rollup-plugin-dev-server Project | 1 Rollup-plugin-dev-server | 2024-11-21 | 7.5 High |
| This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function. | ||||
| CVE-2020-7685 | 1 Umbraco | 1 Umbraco Forms | 2024-11-21 | 5.4 Medium |
| This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies. | ||||
| CVE-2020-7684 | 1 Rollup-plugin-serve Project | 1 Rollup-plugin-serve | 2024-11-21 | 7.5 High |
| This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation. | ||||
| CVE-2020-7683 | 1 Rollup-plugin-server Project | 1 Rollup-plugin-server | 2024-11-21 | 7.5 High |
| This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. | ||||
| CVE-2020-7682 | 1 Marked-tree Project | 1 Marked-tree | 2024-11-21 | 7.5 High |
| This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. | ||||
| CVE-2020-7681 | 1 Indo-mars | 1 Marscode | 2024-11-21 | 7.5 High |
| This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. | ||||
| CVE-2020-7680 | 1 Docsifyjs | 1 Docsify | 2024-11-21 | 6.1 Medium |
| docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page. | ||||
| CVE-2020-7679 | 1 Casperjs | 1 Casperjs | 2024-11-21 | 7.3 High |
| In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. | ||||
| CVE-2020-7678 | 1 Node-import Project | 1 Node-import | 2024-11-21 | 8.6 High |
| This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js". | ||||
| CVE-2020-7677 | 3 Debian, Fedoraproject, Thenify Project | 3 Debian Linux, Fedora, Thenify | 2024-11-21 | 8.6 High |
| This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization. | ||||
| CVE-2020-7675 | 1 Cd-messenger Project | 1 Cd-messenger | 2024-11-21 | 9.8 Critical |
| cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution. | ||||
| CVE-2020-7674 | 1 Access-policy Project | 1 Access-policy | 2024-11-21 | 9.8 Critical |
| access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution. | ||||
| CVE-2020-7673 | 1 Node-extend Project | 1 Node-extend | 2024-11-21 | 9.8 Critical |
| node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution. | ||||
| CVE-2020-7672 | 1 Mosc Project | 1 Mosc | 2024-11-21 | 8.6 High |
| mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to `properties` argument is executed by the `eval` function, resulting in code execution. | ||||
| CVE-2020-7671 | 1 Goliath Project | 1 Goliath | 2024-11-21 | 7.5 High |
| goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. | ||||