Search Results (85550 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-28472 1 Amazon 2 Aws Sdk For Javascipt, Aws Shared Configuration File Loader 2024-11-21 7.3 High
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-28471 1 Properties-reader Project 1 Properties-reader 2024-11-21 7.3 High
This affects the package properties-reader before 2.2.0.
CVE-2020-28470 1 Scully 1 Scully 2024-11-21 7.3 High
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
CVE-2020-28468 1 Pwntools Project 1 Pwntools 2024-11-21 8.1 High
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
CVE-2020-28462 1 Ion-parser Project 1 Ion-parser 2024-11-21 7.3 High
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-28461 1 Js-ini Project 1 Js-ini 2024-11-21 7.3 High
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-28459 1 Markdown-it-decorate Project 1 Markdown-it-decorate 2024-11-21 7.3 High
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.
CVE-2020-28458 2 Datatables, Redhat 3 Datatables.net, Rhev Hypervisor, Rhev Manager 2024-11-21 7.3 High
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
CVE-2020-28457 1 S-cart 1 S-cart 2024-11-21 7.2 High
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS.
CVE-2020-28456 1 S-cart 1 S-cart 2024-11-21 7.3 High
The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.
CVE-2020-28455 1 Markdown-it-toc Project 1 Markdown-it-toc 2024-11-21 7.3 High
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.
CVE-2020-28450 1 Decal Project 1 Decal 2024-11-21 8.6 High
This affects all versions of package decal. The vulnerability is in the extend function.
CVE-2020-28449 1 Decal Project 1 Decal 2024-11-21 8.6 High
This affects all versions of package decal. The vulnerability is in the set function.
CVE-2020-28442 1 Js-data 1 Js-data 2024-11-21 7.5 High
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
CVE-2020-28441 1 Conf-cfg-ini Project 1 Conf-cfg-ini 2024-11-21 7.3 High
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-28436 1 Google-cloudstorage-commands Project 1 Google-cloudstorage-commands 2024-11-21 7.3 High
This affects all versions of package google-cloudstorage-commands.
CVE-2020-28433 1 Node-latex-pdf Project 1 Node-latex-pdf 2024-11-21 7.3 High
This affects all versions of package node-latex-pdf.
CVE-2020-28429 1 Geojson2kml Project 1 Geojson2kml 2024-11-21 7.3 High
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})
CVE-2020-28426 1 Kill-process-on-port Project 1 Kill-process-on-port 2024-11-21 7.3 High
All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.
CVE-2020-28425 1 Curljs Project 1 Curljs 2024-11-21 7.3 High
This affects all versions of package curljs.