Search Results (83867 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-28456 1 S-cart 1 S-cart 2024-11-21 7.3 High
The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.
CVE-2020-28455 1 Markdown-it-toc Project 1 Markdown-it-toc 2024-11-21 7.3 High
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.
CVE-2020-28453 1 Npos-tesseract Project 1 Npos-tesseract 2024-11-21 9.4 Critical
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.
CVE-2020-28451 1 Image-tiler Project 1 Image-tiler 2024-11-21 9.8 Critical
This affects the package image-tiler before 2.0.2.
CVE-2020-28447 1 Xopen Project 1 Xopen 2024-11-21 9.8 Critical
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)
CVE-2020-28446 1 Ntesseract Project 1 Ntesseract 2024-11-21 9.8 Critical
The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.
CVE-2020-28445 1 Npm-help Project 1 Npm-help 2024-11-21 9.8 Critical
This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.
CVE-2020-28443 1 Sonar-wrapper Project 1 Sonar-wrapper 2024-11-21 9.8 Critical
This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.
CVE-2020-28440 1 Corenlp-js-interface Project 1 Corenlp-js-interface 2024-11-21 9.8 Critical
All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function.
CVE-2020-28439 1 Corenlp-js-prefab Project 1 Corenlp-js-prefab 2024-11-21 9.8 Critical
This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:
CVE-2020-28438 1 Deferred-exec Project 1 Deferred-exec 2024-11-21 9.8 Critical
This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js
CVE-2020-28437 1 Heroku-env Project 1 Heroku-env 2024-11-21 9.4 Critical
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.
CVE-2020-28436 1 Google-cloudstorage-commands Project 1 Google-cloudstorage-commands 2024-11-21 7.3 High
This affects all versions of package google-cloudstorage-commands.
CVE-2020-28435 1 Ffmpeg-sdk Project 1 Ffmpeg-sdk 2024-11-21 9.4 Critical
This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js.
CVE-2020-28434 1 Gitblame Project 1 Gitblame 2024-11-21 9.4 Critical
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.
CVE-2020-28433 1 Node-latex-pdf Project 1 Node-latex-pdf 2024-11-21 7.3 High
This affects all versions of package node-latex-pdf.
CVE-2020-28429 1 Geojson2kml Project 1 Geojson2kml 2024-11-21 7.3 High
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})
CVE-2020-28426 1 Kill-process-on-port Project 1 Kill-process-on-port 2024-11-21 7.3 High
All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.
CVE-2020-28425 1 Curljs Project 1 Curljs 2024-11-21 7.3 High
This affects all versions of package curljs.
CVE-2020-28424 1 S3-kilatstorage Project 1 S3-kilatstorage 2024-11-21 7.2 High
This affects all versions of package s3-kilatstorage.