All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input…

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. Zafiyet ile ilgili Genel Bilgi,…

All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file…

IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…

All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization. Zafiyet ile ilgili Genel Bilgi,…

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of…

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional…

All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url…

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. Zafiyet ile ilgili Genel Bilgi,…

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of…