Search Results (362815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-7739 1 Phantomjs-seo Project 1 Phantomjs-seo 2024-11-21 8.2 High
This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a URL that will be passed to a PhantomJS instance, allowing for an SSRF attack.
CVE-2020-7738 1 Shiba Project 1 Shiba 2024-11-21 8.3 High
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement, safeLoad().
CVE-2020-7737 1 Safetydance Project 1 Safetydance 2024-11-21 7.3 High
All versions of package safetydance are vulnerable to Prototype Pollution via the set function.
CVE-2020-7736 1 Bmoor Project 1 Bmoor 2024-11-21 7.3 High
The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function.
CVE-2020-7735 1 Ng-packagr Project 1 Ng-packagr 2024-11-21 6.6 Medium
The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option.
CVE-2020-7734 1 Arachnys 1 Cabot 2024-11-21 8.2 High
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.
CVE-2020-7733 3 Oracle, Redhat, Ua-parser-js Project 3 Communications Cloud Native Core Network Function Cloud Native Environment, Rhev Manager, Ua-parser-js 2024-11-21 7.5 High
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
CVE-2020-7731 1 Gosaml2 Project 1 Gosaml2 2024-11-21 7.5 High
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
CVE-2020-7730 1 Bestzip Project 1 Bestzip 2024-11-21 9.8 Critical
The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param.
CVE-2020-7729 3 Canonical, Debian, Gruntjs 3 Ubuntu Linux, Debian Linux, Grunt 2024-11-21 7.1 High
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
CVE-2020-7727 1 Gedi Project 1 Gedi 2024-11-21 9.8 Critical
All versions of package gedi are vulnerable to Prototype Pollution via the set function.
CVE-2020-7726 1 Safe-object2 Project 1 Safe-object2 2024-11-21 9.8 Critical
All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function.
CVE-2020-7725 1 Guidesmiths 1 Worksmith 2024-11-21 9.8 Critical
All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function.
CVE-2020-7724 1 Tiny-conf Project 1 Tiny-conf 2024-11-21 9.8 Critical
All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function.
CVE-2020-7723 1 Yola 1 Promisehelpers 2024-11-21 9.8 Critical
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function.
CVE-2020-7722 1 Nodee-utils Project 1 Nodee-utils 2024-11-21 9.8 Critical
All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function.
CVE-2020-7721 1 Node-oojs Project 1 Node-oojs 2024-11-21 9.8 Critical
All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.
CVE-2020-7720 2 Digitalbazaar, Redhat 3 Forge, Ansible Tower, Openshift Container Storage 2024-11-21 9.8 Critical
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
CVE-2020-7719 1 Locutus 1 Locutus 2024-11-21 9.8 Critical
Versions of package locutus before 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function.
CVE-2020-7718 1 Gammautils Project 1 Gammautils 2024-11-21 9.8 Critical
All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions.