Search Results (85552 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28480 | 1 Jointjs | 1 Jointjs | 2024-11-21 | 7.3 High |
| The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading to Prototype Pollution. | ||||
| CVE-2020-28478 | 1 Greensock | 1 Greensock Animation Platform | 2024-11-21 | 7.5 High |
| This affects the package gsap before 3.6.0. | ||||
| CVE-2020-28477 | 2 Immer Project, Redhat | 2 Immer, Rhev Manager | 2024-11-21 | 7.5 High |
| This affects all versions of package immer. | ||||
| CVE-2020-28472 | 1 Amazon | 2 Aws Sdk For Javascipt, Aws Shared Configuration File Loader | 2024-11-21 | 7.3 High |
| This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-28471 | 1 Properties-reader Project | 1 Properties-reader | 2024-11-21 | 7.3 High |
| This affects the package properties-reader before 2.2.0. | ||||
| CVE-2020-28470 | 1 Scully | 1 Scully | 2024-11-21 | 7.3 High |
| This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page. | ||||
| CVE-2020-28468 | 1 Pwntools Project | 1 Pwntools | 2024-11-21 | 8.1 High |
| This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module is vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution. | ||||
| CVE-2020-28462 | 1 Ion-parser Project | 1 Ion-parser | 2024-11-21 | 7.3 High |
| This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-28461 | 1 Js-ini Project | 1 Js-ini | 2024-11-21 | 7.3 High |
| This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-28459 | 1 Markdown-it-decorate Project | 1 Markdown-it-decorate | 2024-11-21 | 7.3 High |
| This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link. | ||||
| CVE-2020-28458 | 2 Datatables, Redhat | 3 Datatables.net, Rhev Hypervisor, Rhev Manager | 2024-11-21 | 7.3 High |
| All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. | ||||
| CVE-2020-28457 | 1 S-cart | 1 S-cart | 2024-11-21 | 7.2 High |
| This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS. | ||||
| CVE-2020-28456 | 1 S-cart | 1 S-cart | 2024-11-21 | 7.3 High |
| The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel. | ||||
| CVE-2020-28455 | 1 Markdown-it-toc Project | 1 Markdown-it-toc | 2024-11-21 | 7.3 High |
| This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped. | ||||
| CVE-2020-28450 | 1 Decal Project | 1 Decal | 2024-11-21 | 8.6 High |
| This affects all versions of package decal. The vulnerability is in the extend function. | ||||
| CVE-2020-28449 | 1 Decal Project | 1 Decal | 2024-11-21 | 8.6 High |
| This affects all versions of package decal. The vulnerability is in the set function. | ||||
| CVE-2020-28442 | 1 Js-data | 1 Js-data | 2024-11-21 | 7.5 High |
| All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function. | ||||
| CVE-2020-28441 | 1 Conf-cfg-ini Project | 1 Conf-cfg-ini | 2024-11-21 | 7.3 High |
| This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-28436 | 1 Google-cloudstorage-commands Project | 1 Google-cloudstorage-commands | 2024-11-21 | 7.3 High |
| This affects all versions of package google-cloudstorage-commands. | ||||
| CVE-2020-28433 | 1 Node-latex-pdf Project | 1 Node-latex-pdf | 2024-11-21 | 7.3 High |
| This affects all versions of package node-latex-pdf. | ||||