
45 matches found

CNNVD
added 2026/03/26 12:0 a.m., 2 views

Path-to-RegExp security vulnerability

Path-to-RegExp is a tool open sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp prior to 0.1.12 have security vulnerabilities; these vulnerabilities stem from defects in the generated regular expressions, which may lead to denial-of-servi...

7.5 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 3

Fedora
added 2026/02/10 1:34 a.m., 4 views

[SECURITY] Fedora 43 Update: rust-weezl-0.1.12-3.fc43

Fast LZW compression and decompression...

7.5 CVSS | 5.4 AI score | 0.00042 EPSS
Exploits 1

Patchstack
added 2026/01/29 9:45 p.m., 5 views

WordPress WP MultiTasking plugin <= 0.1.12 - Settings Update via CSRF vulnerability

Settings Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...

6.5 CVSS | 5.9 AI score | 0.00146 EPSS
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2026/01/29 9:45 p.m., 5 views

WordPress WP MultiTasking plugin <= 0.1.12 - Welcome Popup Update via CSRF vulnerability

Welcome Popup Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...

6.5 CVSS | 5.9 AI score | 0.00186 EPSS
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2026/01/29 9:44 p.m., 5 views

WordPress WP MultiTasking plugin <= 0.1.12 - Exit Popup Update via CSRF vulnerability

Exit Popup Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...

6.5 CVSS | 5.9 AI score | 0.00146 EPSS
Exploits 1 | References 1 | Affected Software 1

Github Security Blog
added 2026/01/27 12:59 a.m., 3 views

oneshot has potential Use After Free when used asynchronously

There is a race condition that can lead to a use-after-free if a oneshot::Receiver is polled but then dropped instead of polled to completion. This could happen if the receiver future was cancelled while receiving, for example by being wrapped in a timeout future or similar. When the Receiver is...

5.9 AI score
Exploits 0 | References 5 | Affected Software 1

OSV
added 2026/01/27 12:59 a.m., 3 views

GHSA-RVR2-R3PV-5M4P oneshot has potential Use After Free when used asynchronously

There is a race condition that can lead to a use-after-free if a oneshot::Receiver is polled but then dropped instead of polled to completion. This could happen if the receiver future was cancelled while receiving, for example by being wrapped in a timeout future or similar. When the Receiver is...

8.2 CVSS | 5.9 AI score
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-20713

Malware in sbrugna...

9.3 CVSS | 7.7 AI score | 0.01693 EPSS
Exploits 1 | References 4

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-28661

Malicious code in bioql PyPI...

7.3 CVSS | 6.6 AI score | 0.00348 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/08/31 12:4 a.m., 3 views

CVE-2025-58062

LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...

7.3 CVSS | 7.4 AI score | 0.00348 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/08/28 10:14 p.m., 2 views

CVE-2025-58062 LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow

LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...

7.3 CVSS | 6.8 AI score | 0.00348 EPSS
Exploits 0 | References 3

OSV
added 2025/08/28 10:14 p.m., 1 views

CVE-2025-58062 LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow

LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...

7.3 CVSS | 7.4 AI score | 0.00348 EPSS
Exploits 0 | References 5

CVE
added 2025/08/28 10:14 p.m., 12 views

CVE-2025-58062

CVE-2025-58062 affects LSTM-Kirigaya’s openmcp-client (VSCode plugin for MCP developers) prior to version 0.1.12. On Windows, if a user connects to an attacker-controlled MCP server, an attacker can provision a malicious authorization server endpoint that enables an OS command injection in the op...

7.3 CVSS | 6.8 AI score | 0.00348 EPSS
Exploits 0 | References 3

Positive Technologies
added 2025/08/28 12:0 a.m., 3 views

PT-2025-35147

Name of the Vulnerable Software and Affected Versions: openmcp-client versions prior to 0.1.12. Description: openmcp-client, a VS Code plugin for MCP developers, contains a flaw where a malicious authorization server endpoint can be provisioned by an attacker when a user on a Windows platform...

7.3 CVSS | 6.9 AI score | 0.00348 EPSS
Exploits 0 | References 7

Snyk
added 2025/06/03 5:58 p.m., 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of access controls in the channel members API endpoint. An attacker can gain unauthorised access to metadata about members of public channels as a guest user by exploiting this securit...

5.3 CVSS | 7 AI score | 0.00138 EPSS
Exploits 0 | References 3

Snyk
added 2025/06/03 5:58 p.m., 1 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of access control restrictions for System Manager roles. An attacker can gain unauthorized access via direct API requests to team endpoints and perform actions reserved for System...

5.4 CVSS | 7.1 AI score | 0.00138 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/04/11 7:39 a.m., 11 views

CVE-2024-6860

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

4.3 CVSS | 7.1 AI score | 0.00451 EPSS
Exploits 1 | References 1

OSV
added 2025/04/09 6:15 a.m., 2 views

CVE-2024-6860

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

4.3 CVSS | 7.3 AI score
Exploits 0 | References 1

CVE
added 2025/04/09 6:0 a.m., 50 views

CVE-2024-6857

CVE-2024-6857 concerns the WP MultiTasking WordPress plugin (versions <= 0.1.12) where updating Header/Footer/Body Script Settings lacks CSRF protection. Exploitation could allow an attacker to force logged-in admins to perform these updates via CSRF. Public sources in connected docs confirm t...

4.3 CVSS | 7 AI score | 0.00451 EPSS
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2025/04/09 12:0 a.m., 2 views

WordPress plugin WP MultiTasking security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.3 CVSS | 8.6 AI score | 0.00451 EPSS
Exploits 1 | References 1