CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37271
https://notcve.org/view.php?id=CVE-2021-37271
28 Sep 2021 — Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en UEditor versión v1.4.3.3, que puede ser explotada por un atacante para conseguir información de las cookies del usuario • https://www.cnvd.org.cn/flaw/show/3243916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39227 – Fix prototype pollution in the zrender merge and clone helper methods
https://notcve.org/view.php?id=CVE-2021-39227
17 Sep 2021 — ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. • https://github.com/ecomfe/zrender/pull/826 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22741
https://notcve.org/view.php?id=CVE-2020-22741
19 Jul 2021 — An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. Se ha detectado un problema en Xuperchain versiones 3.6.0, que permite a atacantes recuperar la clave privada de cualquier usuario arbitrario después de obtener la firma parcial en la multifirma • https://github.com/xuperchain/xuperchain/issues/782 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18145
https://notcve.org/view.php?id=CVE-2020-18145
14 Jul 2021 — Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en umeditor versión v1.2.3, por medio del archivo /public/common/umeditor/php/getcontent.php • https://github.com/fex-team/umeditor/issues/624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0692
https://notcve.org/view.php?id=CVE-2018-0692
15 Nov 2018 — Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no fiable en la versión 3.2.0.191 y anteriores de 43.23.1000.500 permite a los atacantes conseguir privilegios utilizando un archivo DLL troyano en un directorio no especificado. • http://jvn.jp/en/jp/JVN77885134/index.html • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10697
https://notcve.org/view.php?id=CVE-2016-10697
04 Jun 2018 — react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. react-native-baidu-voice-synthesizer es un sintetizador de voz de baidu para react native... • https://nodesecurity.io/advisories/302 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14744
https://notcve.org/view.php?id=CVE-2017-14744
26 Sep 2017 — UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la versión 1.4.3.3 de UEditor mediante el atributo SRC de un elemento IFRAME. • http://ueditor.baidu.com/website/changelog.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2221
https://notcve.org/view.php?id=CVE-2017-2221
04 Aug 2017 — Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de tipo ruta de búsqueda no confiable en el instalador de Baidu IME Ver3.6.1.6 y anteriores permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado. • https://jvn.jp/en/jp/JVN17788774/index.html • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2219
https://notcve.org/view.php?id=CVE-2017-2219
09 Jun 2017 — Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta (path) de búsqueda no segura en el instalador de [Simeji para Windows] (archivo simeji.exe), permite a un atacante alcanzar privilegios por medio de un archivo DLL de tipo caballo de Troya en un directorio no especificado. • http://jvn.jp/en/jp/JVN31236539/index.html • CWE-426: Untrusted Search Path •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7444
https://notcve.org/view.php?id=CVE-2014-7444
19 Oct 2014 — The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Baidu Navigation (también conocida como com.baidu.navi ) 3.5.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manip... • http://www.kb.cert.org/vuls/id/394177 • CWE-310: Cryptographic Issues •