32 matches found
Net-CIDR-Lite security vulnerability
Net-CIDR-Lite is a Perl module developed by Stig for processing CIDR addresses. Versions of Net-CIDR-Lite prior to 0.23 contained security vulnerabilities, which stemmed from improper handling of IPv4-mapped IPv6 addresses, potentially allowing bypasses in IP access control lists...
Net-CIDR-Lite security vulnerability
Net-CIDR-Lite is a Perl module developed by Stig for handling CIDR addresses. Versions of Net-CIDR-Lite prior to 0.23 contained security vulnerabilities, which stemmed from an unvalidated check of the number of IPv6 groups, potentially allowing IP access control lists to be bypassed...
CVE-2026-22249
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via the Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation of the filename. This vulnerability ...
CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via the Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation of the filename. This vulnerability ...
CVE-2023-49773
Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23...
EUVD-2025-25071
Malicious code in bioql PyPI...
EUVD-2023-53696
Malicious code in bioql PyPI...
CVE-2025-6221
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-6221 Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-48070 Plane has insecure permissions in UserSerializer
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...
Plane security vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane versions prior to 0.23 that stems from improper UserSerializer permissions, which could lead to account takeover...
CVE-2023-27609
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration allows Stored XSS. This issue affects WP Roles at Registration: from n/a through 0.23...
WordPress plugin WP Roles at Registration cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for the platform. A cross-site scripting vulnerability exists...
Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6jgw-rgmm-7cv6. This link is maintained to preserve external references. Original Advisory: The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the we...
PT-2024-40267 · Pypi · Pyo3
Name of the Vulnerable Software and Affected Versions: PyO3 versions prior to 0.23 Description: The issue concerns a family of functions in PyO3 that read "borrowed" values from Python weak references. These functions were fundamentally unsound because the weak reference does not have ownership o...
PT-2024-39977 · Pypi · Pyo3
Name of the Vulnerable Software and Affected Versions: PyO3 versions prior to 0.22.4; PyO3 version 0.22.4 with mitigated functions, to be fully removed in 0.23. Description: A flaw was found in PyO3, causing a use-after-free issue. This can lead to memory corruption or crashes through unsound...
PT-2024-40924 · Pypi · Pyo3
Name of the Vulnerable Software and Affected Versions: PyO3 versions prior to 0.23 Description: The family of functions to read "borrowed" values from Python weak references were fundamentally unsound due to the weak reference not having ownership of the value. This could lead to a dangling...
GHSA-6G7W-8WPP-FRHJ Denial of Service Vulnerability in Rustls Library
Summary: rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details: Verified at rustls 0.22 and 0.23, but the 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...