60 matches found
@godmode-team/godmode (=1.6.1), @growthub/cli (>=0.3.1 <=0.3.44) +8 more potentially affected by unknown CVE via @paperclipai/server (>=0.2.7 <=2026.416.0-canary.1)
@paperclipai/server NPM version =0.2.7, =0.3.1, =0.1.45, =2026.324.0-canary.0, =0.0.2, =0.2.2, =0.6.5, =0.6.6 - solounicornclub =0.3.1 - stacy-cli =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XFQJ-R5QW-8G4J...
Double Free
Overview: httpmorph is a Python HTTP client focused on mimicking browser fingerprints. Affected versions of this package are vulnerable to Double Free in the stepreceivingheaders function that allows attackers to trigger a crash by sending a request with an empty body. Remediation: Upgrade...
CVE-2025-64170
sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...
EUVD-2025-3520
Malicious code in bioql PyPI...
PT-2025-33646
Name of the Vulnerable Software and Affected Versions: Gianism versions through 5.2.2; rust-keylime affected versions not specified. Description: An issue exists in Gianism related to improper neutralization of input during web page generation, leading to a Stored Cross-Site Scripting condition. A...
Security update for rust-keylime
This update for rust-keylime fixes the following issues: Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection (bsc#1247193). Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344). CVE-2024-12224...
OPENSUSE-SU-2025:15346-1 keylime-ima-policy-0.2.7+117-1.1 on GA media
These are all security issues fixed in the keylime-ima-policy-0.2.7+117-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE-SU-2025:20491-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - CVE-2024-12224: idna: Fixed improper validation in punycode (bsc#1243861) - Update to version 0.2.7+70: builddeps: bump wiremock from 0.6.2 to 0.6.3; builddeps: bump uuid from 1.16.0 to 1.17.0; lib: Introduce AgentIdentity structure; gitignore:...
OPENSUSE-SU-2025:15294-1 keylime-ima-policy-0.2.7+70-2.1 on GA media
These are all security issues fixed in the keylime-ima-policy-0.2.7+70-2.1 package on the GA media of openSUSE Tumbleweed...
PT-2025-27195 · WordPress · Samsk Wp Datatable
Name of the Vulnerable Software and Affected Versions: samsk WP DataTable versions 0.2.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS in samsk WP DataTable...
WordPress plugin WP DataTable cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
CVE-2022-24193
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability...
CVE-2024-56799
Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7...
CVE-2025-23902
CVE-2025-23902 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Error Notification (Taras Dashkevych). Affected versions are listed as up to 0.2.7 (scope: from n/a through 0.2.7). The Red Hat advisory confirms the same CVE and description. There are no connected...
WordPress Error Notification plugin <= 0.2.7 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Error Notification versions <= 0.2.7...
WordPress plugin Error Notification cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
CVE-2024-56799 Simofa Allows Unauthenticated Access to API Routes
Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7...