A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters.

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the FeatureAuth...

protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Symfony: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes

@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

vite: `server.fs.deny` bypass on Windows alternate paths

@angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

@angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally sm...

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Maste...

Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.