The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-23566
https://github.com/ai/nanoid/pu…

Impact
Due to this library’s use of an inefficient algorithm, it is vulnerable to a denial of service attack when a maliciously crafted input is passed to DecodeFromBytes or other CBOR decoding mechanisms in this library.
Affected versions include vers…

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers se…

Within the Umbraco CMS, a configuration element named “UmbracoApplicationUrl” (or just “ApplicationUrl”) is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the applicatio…

YOURSAY | BAM should look at it positively and wish him well instead. Top national shuttler Lee Zii Jia resigns from BAM While BAM vents at Zii Jia’s exit, world No 1 shuttler shows support PinkLynx6432: National shuttler Lee Zii Jia’s break-up with Ba…

Cross-site Scripting (XSS) – Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-0274
https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4
https:…

NHK広島放送局では、1月29日に「アニメ聖地旅 竹原～広島『たまゆら』の舞台へ～」（午後10：40…

おしゃれな音楽やナビゲーター（DJ）の軽快なトークなど、都会的で若々しいイメージが人気のFMラジオ局…