VYPR

apk package

chainguard/wazuh-dashboard-security-plugin

pkg:apk/chainguard/wazuh-dashboard-security-plugin

Vulnerabilities (3)

  • CVE-2026-42338MedMay 12, 2026
    affected < 4.14.4-r4fixed 4.14.4-r4

    ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emi

  • CVE-2026-41324HigApr 24, 2026
    affected < 4.14.4-r3fixed 4.14.4-r3

    basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing

  • CVE-2026-39983HigApr 9, 2026
    affected < 4.14.4-r2fixed 4.14.4-r2

    basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), and removeDir(). The library's pro