VYPR

SDK

by Dart

Source repositories

CVEs (9)

  • CVE-2026-9058CriMay 25, 2026
    risk 0.60cvss epss 0.00

    Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established…

  • CVE-2026-27704Feb 25, 2026
    risk 0.00cvss epss 0.00

    The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client (`dart pub` and `flutter pub`) extracts a package in the pub cache, a…

  • CVE-2022-3095Oct 27, 2022
    risk 0.00cvss epss 0.01

    The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to…

  • CVE-2022-28605May 31, 2022
    risk 0.00cvss epss 0.02

    Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory

  • CVE-2022-0451Feb 18, 2022
    risk 0.00cvss epss 0.01

    Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to…

  • CVE-2021-22568Dec 9, 2021
    risk 0.00cvss epss 0.01

    When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on…

  • CVE-2021-22540Apr 22, 2021
    risk 0.00cvss epss 0.01

    Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.

  • CVE-2020-8923Mar 26, 2020
    risk 0.00cvss epss 0.00

    An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and…

  • CVE-2019-17520Feb 10, 2020
    risk 0.00cvss epss 0.02

    The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.