kreeksec
A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are...
Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()` or `path.evaluateTruthy()`...
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. CVE-2024-25710
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution...
**What changed? Why?** We discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless...
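The mechanism behind that gadget, as an added illustration that is not webpack's code or the advisory's: a bundle that derives its `publicPath` from `document.currentScript.src` trusts whatever that property resolves to, and in a browser an injected `<img name="currentScript" src="https://attacker.example/...">` makes the named-element lookup return the image instead of the running script, so later chunk loads are fetched from the attacker's origin. The simulation below stands in plain objects for DOM nodes so it runs under Node; `publicPathUnsafe`, `publicPathHardened`, the fake documents and every URL are constructed for the demo.

```javascript
// Added example, not code from webpack or the advisory: a Node simulation of
// the publicPath auto-detection pattern and of the tag check that defeats a
// clobbered document.currentScript. Real DOM nodes are replaced by plain
// objects with `tagName` and `src`; every URL below is constructed.

// Derive a publicPath (directory of the loading script) from a script URL,
// dropping any query string or fragment first.
function publicPathFrom(scriptUrl) {
  return scriptUrl
    .replace(/#.*$/, '')
    .replace(/\?.*$/, '')
    .replace(/\/[^/]+$/, '/');
}

// Vulnerable pattern: trusts whatever document.currentScript resolves to.
// In a browser an injected <img name="currentScript" src="https://evil/..">
// wins the named-property lookup, so `.src` becomes attacker controlled.
function publicPathUnsafe(doc) {
  let scriptUrl;
  if (doc.currentScript) scriptUrl = doc.currentScript.src;
  if (!scriptUrl) {
    const scripts = doc.scripts;
    if (scripts.length) scriptUrl = scripts[scripts.length - 1].src;
  }
  if (!scriptUrl) throw new Error('Automatic publicPath is not supported in this browser');
  return publicPathFrom(scriptUrl);
}

// Hardened pattern: only accept currentScript when it really is a <script>;
// otherwise fall back to the last <script> element in the document.
function publicPathHardened(doc) {
  let scriptUrl;
  const cs = doc.currentScript;
  if (cs && typeof cs.tagName === 'string' && cs.tagName.toUpperCase() === 'SCRIPT') {
    scriptUrl = cs.src;
  }
  if (!scriptUrl) {
    const scripts = doc.scripts;
    if (scripts.length) scriptUrl = scripts[scripts.length - 1].src;
  }
  if (!scriptUrl) throw new Error('Automatic publicPath is not supported in this browser');
  return publicPathFrom(scriptUrl);
}

// Constructed stand-ins for document state.
const appScript = { tagName: 'SCRIPT', src: 'https://app.example/static/js/main.abc123.js?v=2' };
const cleanDoc = { currentScript: appScript, scripts: [appScript] };

// Page where an attacker could inject markup but not script, e.g.
// <img name="currentScript" src="https://attacker.example/cdn/pixel.png">
const clobberedImg = { tagName: 'IMG', src: 'https://attacker.example/cdn/pixel.png' };
const clobberedDoc = { currentScript: clobberedImg, scripts: [appScript] };

console.log('clean, unsafe     :', publicPathUnsafe(cleanDoc));
console.log('clobbered, unsafe :', publicPathUnsafe(clobberedDoc));
console.log('clobbered, hardened:', publicPathHardened(clobberedDoc));
```

The check on `tagName` is the point: a clobbering element is never a `<script>`, so rejecting anything else and falling back to the real script list keeps the bundle loading chunks from its own origin even when an attacker controls part of the page's HTML.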
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow...
The `snyk/snyk-apps-demo` project used ejs (aka Embedded JavaScript templates), which lacks certain pollution protection. [email protected]: Insufficient Prototype Pollution Validation Leading to RCE Exploitation. * With prototype pollution, set opts.client to truthy...
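How a polluted prototype flips an option check like `opts.client`, as an added example that is not code from ejs, Snyk or the advisory: a recursive merge that accepts attacker JSON lets a `"__proto__"` key write onto `Object.prototype`, after which every object inherits `client`; the hardened merge and the strict option read below are generic defences, not ejs's actual fix. `unsafeMerge`, `safeMerge`, `clientModeLoose`, `clientModeStrict` and the payload are constructed for the demo.

```javascript
// Added example, not code from ejs, Snyk or the advisory: a recursive merge
// that lets a "__proto__" key from attacker JSON write into Object.prototype,
// a hardened merge, and an option check in the style of `if (opts.client)`
// that flips once every object inherits `client`. Names and payloads are
// constructed for the demo.

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: for a key of "__proto__", `target[key]` resolves to
// Object.prototype, so the recursion writes attacker keys onto it.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the prototype-reaching keys, copy only own properties,
// and never descend into an inherited object on the target side.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!hasOwn(target, key) || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Option checks. The loose form is what pollution exploits: once
// Object.prototype.client is true, `{}.client` is true for every object.
function clientModeLoose(opts) {
  return Boolean(opts.client);
}
function clientModeStrict(opts) {
  return hasOwn(opts, 'client') && opts.client === true;
}

// Walk through the attack and the fix; returns the observations so they can
// be checked, and restores Object.prototype before returning.
function demonstrate() {
  // Constructed attacker input, e.g. a JSON body merged into template options.
  const payload = JSON.parse('{"__proto__": {"client": true}, "title": "x"}');
  const out = {};
  out.before = clientModeLoose({});
  unsafeMerge({}, payload);                 // pollutes Object.prototype.client
  out.pollutedLoose = clientModeLoose({});  // true for an empty object
  out.pollutedStrict = clientModeStrict({});
  delete Object.prototype.client;           // undo the pollution for the next step
  const merged = safeMerge({}, payload);
  out.safeLoose = clientModeLoose({});
  out.mergedTitle = merged.title;
  out.mergedOwnsProto = hasOwn(merged, '__proto__');
  return out;
}

console.log(demonstrate());
```

The own-property check in `clientModeStrict` is defence in depth only: it stops an inherited `client` from being honoured, but the real fix is to never let untrusted keys reach the merge, which is what `safeMerge` does by skipping `__proto__`, `constructor` and `prototype`.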
https://github.com/WeblateOrg/weblate/blob/10ca938b5fe85a5fb9ada89483c84c5db8feb7a3/weblate/utils/render.py#L99-L99 Fix: the `render_template` function should use a sandboxed environment for template rendering. Django's template system does not provide a built-in sandbox, but switching to Jinja2's `SandboxedEnvironment` can address...