All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Date published : 2020-02-18 https://snyk.io/vuln/SNYK-JS-COMPONENTFLATTEN-548907
dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Date published : 2020-02-18 https://github.com/rhalff/dot-object/commit/f76cff5fe6d01d30ce110d8f454db2e5bd28a7de https://snyk.io/vuln/SNYK-JS-DOTOBJECT-548905
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Date published : 2020-02-18 https://github.com/diegohaz/bodymen/commit/5d52e8cf360410ee697afd90937e6042c3a8653b https://snyk.io/vuln/SNYK-JS-BODYMEN-548897
promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. Date published : 2020-02-18 https://github.com/dottgonzo/node-promise-probe/commit/0d9affb67fc1ad985903536d35372cf55efe5a45, https://snyk.io/vuln/SNYK-JS-PROMISEPROBE-546816
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. Date published : 2020-02-18 https://github.com/J3rryBl4nks/IceHRM/blob/master/AddNewUserCSRF.md
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. Date published : 2020-02-18 https://github.com/J3rryBl4nks/IceHRM/blob/master/ChangeUserPasswordCSRF.md
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. Date published : 2020-02-18 https://github.com/J3rryBl4nks/SOPlanning/blob/master/InjectionIcalShell.md
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. Date published : 2020-02-18 https://github.com/J3rryBl4nks/SOPlanning/blob/master/SQLInjectionProjects.md
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. Date published : 2020-02-18 https://github.com/J3rryBl4nks/SOPlanning/blob/master/AddUserCSRF.md
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. Date published : 2020-02-18 https://github.com/J3rryBl4nks/SOPlanning/blob/master/AdminPasswordChangeCSRF.md
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username. Date published : 2020-02-18 https://github.com/J3rryBl4nks/PHPMyChatPlus/blob/master/SQLi.md
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security...
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible. Date published : 2020-02-18 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. Date published : 2020-02-18 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7