ranjit-git

5 exploits Active since Jan 2022
CVE-2022-0155 NOMISEC MEDIUM WORKING POC
follow-redirects < 1.14.7 - Exposure of Private Personal Information to an Unauthorized Actor
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVSS 6.5
CVE-2022-0355 WRITEUP HIGH WRITEUP
NPM simple-get <4.0.1 - Info Disclosure
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.
CVSS 8.8
CVE-2022-1330 WRITEUP MEDIUM WRITEUP
fullpage < 4.0.4 - Stored Cross-Site Scripting via Anchor URL
stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .
CVSS 5.4
CVE-2022-21704 WRITEUP MEDIUM WRITEUP
log4js < 6.4.0 - Incorrect Default Permissions in Log File Creation
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update.
CVSS 5.5
CVE-2022-30765 WRITEUP CRITICAL WRITEUP
Calibre-Web <0.6.18 - SQL Injection
Calibre-Web before 0.6.18 allows user table SQL Injection.
CVSS 9.8