VYPR
Vendor

Dart

Products
6
CVEs
13
Across products
15
Status
Private

Products

6

Recent CVEs

13
  • CVE-2026-9058CriMay 25, 2026
    risk 0.60cvss epss 0.00

    Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established…

  • CVE-2008-4652Oct 22, 2008
    risk 0.04cvss epss 0.10

    Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.

  • CVE-2007-2856May 24, 2007
    risk 0.04cvss epss 0.07

    Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to…

  • CVE-2012-3819Oct 4, 2012
    risk 0.03cvss epss 0.02

    Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request.

  • CVE-2026-27704Feb 25, 2026
    risk 0.00cvss epss 0.00

    The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client (`dart pub` and `flutter pub`) extracts a package in the pub cache, a…

  • CVE-2022-3095Oct 27, 2022
    risk 0.00cvss epss 0.01

    The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to…

  • CVE-2022-28605May 31, 2022
    risk 0.00cvss epss 0.02

    Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory

  • CVE-2022-0451Feb 18, 2022
    risk 0.00cvss epss 0.01

    Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to…

  • CVE-2021-22568Dec 9, 2021
    risk 0.00cvss epss 0.01

    When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on…

  • CVE-2021-22540Apr 22, 2021
    risk 0.00cvss epss 0.01

    Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.

  • CVE-2020-8923Mar 26, 2020
    risk 0.00cvss epss 0.00

    An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and…

  • CVE-2019-17520Feb 10, 2020
    risk 0.00cvss epss 0.02

    The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.

  • CVE-2007-2855May 24, 2007
    risk 0.00cvss epss 0.05

    Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856.