Export limit exceeded: 85552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85552 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-28480 1 Jointjs 1 Jointjs 2024-11-21 7.3 High
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.
CVE-2020-28478 1 Greensock 1 Greensock Animation Platform 2024-11-21 7.5 High
This affects the package gsap before 3.6.0.
CVE-2020-28477 2 Immer Project, Redhat 2 Immer, Rhev Manager 2024-11-21 7.5 High
This affects all versions of package immer.
CVE-2020-28472 1 Amazon 2 Aws Sdk For Javascipt, Aws Shared Configuration File Loader 2024-11-21 7.3 High
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-28471 1 Properties-reader Project 1 Properties-reader 2024-11-21 7.3 High
This affects the package properties-reader before 2.2.0.
CVE-2020-28470 1 Scully 1 Scully 2024-11-21 7.3 High
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
CVE-2020-28468 1 Pwntools Project 1 Pwntools 2024-11-21 8.1 High
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
CVE-2020-28462 1 Ion-parser Project 1 Ion-parser 2024-11-21 7.3 High
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-28461 1 Js-ini Project 1 Js-ini 2024-11-21 7.3 High
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-28459 1 Markdown-it-decorate Project 1 Markdown-it-decorate 2024-11-21 7.3 High
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.
CVE-2020-28458 2 Datatables, Redhat 3 Datatables.net, Rhev Hypervisor, Rhev Manager 2024-11-21 7.3 High
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
CVE-2020-28457 1 S-cart 1 S-cart 2024-11-21 7.2 High
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS.
CVE-2020-28456 1 S-cart 1 S-cart 2024-11-21 7.3 High
The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.
CVE-2020-28455 1 Markdown-it-toc Project 1 Markdown-it-toc 2024-11-21 7.3 High
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.
CVE-2020-28450 1 Decal Project 1 Decal 2024-11-21 8.6 High
This affects all versions of package decal. The vulnerability is in the extend function.
CVE-2020-28449 1 Decal Project 1 Decal 2024-11-21 8.6 High
This affects all versions of package decal. The vulnerability is in the set function.
CVE-2020-28442 1 Js-data 1 Js-data 2024-11-21 7.5 High
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
CVE-2020-28441 1 Conf-cfg-ini Project 1 Conf-cfg-ini 2024-11-21 7.3 High
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-28436 1 Google-cloudstorage-commands Project 1 Google-cloudstorage-commands 2024-11-21 7.3 High
This affects all versions of package google-cloudstorage-commands.
CVE-2020-28433 1 Node-latex-pdf Project 1 Node-latex-pdf 2024-11-21 7.3 High
This affects all versions of package node-latex-pdf.