All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization. Zafiyet ile ilgili Genel Bilgi,…

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This…

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper…

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to…

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input…

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. Zafiyet ile ilgili Genel Bilgi,…

All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file…

IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…

All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization. Zafiyet ile ilgili Genel Bilgi,…

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of…