window-control is an npm package that provides tools to manage window focus. Versions before 1.4.5 are vulnerable to Command Injection via the sendKeys function due to improper input sanitization.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2…
This CVE addresses the partial fix for CVE-2019-25075
Gravitee API Management before 3.15.13 allows path traversal through HTML injection. A certain HTML injection combined with path traversal in the Email service in Gravitee API Management before 3.15…
Impact
Incorrect default permissions for certain read-only resources in the Apiman 1.5.7.Final through 2.2.3.Final in the Apiman Manager REST API allows a remote authenticated attacker to access information and resources in an Apiman Organizations they…
A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information …
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack …
Impact
If you are using the Apiman Vert.x Gateway prior to Apiman 3.0.0.Final, a connection caching issue in Hazelcast could allow an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection’s …
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4863
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53…
Summary
MeterSphere allow users to upload file, but not check the file name, may lead to upload file to any path if the file name in upload request is falsified.
Details
Metersphere’s FileUtils.java didn’t check the filePath.
public static void cre…
Impact
The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream.
Patches
XStream 1.4.20 handles the stack overflow and raises…
Impact
Processing issue, nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches and the processing component. If the ab…
