Oscar Arnflo

#9832of 53,633
28.1Total CVSS
Vulnerabilities · 4
Medium
3
Critical
1
PT-2026-2917
6.1
2026-01-14
Unknown · Aliasvault · CVE-2026-22694
**Name of the Vulnerable Software and Affected Versions** AliasVault versions 0.24.0 through 0.25.2 **Description** AliasVault is a privacy-first password manager with built-in email aliasing. Versions of AliasVault for Android had a problem with how requests for passkeys from Android applications were checked. A malicious application could try to get a passkey response for a website it should not have access to under specific local conditions. The problem was caused by not fully checking the identity, origin, and RP ID of the calling application within the Android credential provider. **Recommendations** Update to AliasVault Android version 0.25.3 or later.
PT-2022-17432
6.8
2022-05-01
Dset · Dset · CVE-2022-25645
**Name of the Vulnerable Software and Affected Versions** dset versions prior to 3.1.2 **Description** The issue arises from the dset function's validation process in 'dset/merge' mode, where it checks for prototype pollution by looking for ` proto `, `constructor`, or `prototype` in the top-level path. However, this check can be bypassed by crafting a malicious object, leading to prototype pollution. **Recommendations** For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue.
PT-2021-15541
9.8
2021-12-10
Unknown · Gray-Matter · CVE-2021-23639
**Name of the Vulnerable Software and Affected Versions** md-to-pdf versions prior to 5.0.0 **Description** The issue allows for Remote Code Execution (RCE) due to the utilization of the gray-matter library to parse front matter content without disabling the JS engine. **Recommendations** For versions prior to 5.0.0, update to version 5.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of the gray-matter library until a patch is available. Restrict access to the md-to-pdf package to minimize the risk of exploitation.
PT-2021-19806
5.4
2021-10-18
Apache · Apache Superset · CVE-2021-32609
**Name of the Vulnerable Software and Affected Versions** Apache Superset versions up to and including 1.1 **Description** The issue allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page, due to incorrect sanitization of titles on the Explore page. **Recommendations** For Apache Superset versions up to and including 1.1, update to a version that correctly sanitizes titles to prevent html injection.