46 matches found
CVE-2026-42246
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...
Improper Enforcement of Behavioral Workflow
Overview: Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow via the starttls function. An attacker can intercept and manipulate the communication by injecting a crafted response before the client completes sending the command, causing the connection to...
Cloudflare Public Bug Bounty: AI Playground XSS to steal user-chat messages and access to connected MCP Server
A reflected XSS vulnerability was discovered in the AI Playground OAuth handler due to unescaped interpolation of the error_description parameter into a script tag. The issue has been patched, and users of the open-source Agents SDK should upgrade to v0.3.10...
EUVD-2012-0101
Malware in sbrugna...
EUVD-2023-0264
Malicious code in bioql PyPI...
Open WebUI security vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the open-source Open WebUI project. A security vulnerability exists in Open WebUI version v0.3.10, which stems from the lack of an authentication mechanism in the api/v1/utils/pdf endpoint, which allows an unauthenticated attacke...
pyspider security vulnerability
pyspider is a powerful web crawler system open-sourced by Roy Binux. A security vulnerability exists in pyspider v0.3.10 and earlier versions, which stems from a susceptibility to cross-site request forgery initiated via a Flask endpoint...
CVE-2024-39162
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2024-28372 · Pyspider · Pyspider
Name of the Vulnerable Software and Affected Versions: pyspider versions 0.3.10 and earlier. Description: The issue allows for Cross-Site Scripting (XSS) via the /update endpoint. This affects products that are no longer supported by the maintainer. Recommendations: For versions 0.3.10 and earlier, ...
PYSEC-2024-208
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...
CVE-2024-32647 vyper performs double eval of raw_args in create_from_blueprint
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...
PT-2024-24738 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior. Description: The issue arises when the raw_log builtin is called with memory or storage arguments to be used as topics, resulting in incorrect values being logged. This is due to the build_IR function of the...
Vyper security vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and prior versions, which stems from a security issue with the built-in sqrt parameter...
PT-2024-24739 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior. Description: Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects. The...
CVE-2024-24564 Vyper extract32 can read dirty memory
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. When using the built-in extract32(b, start), if the start index provided has the side effect of updating b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...
PT-2024-21300 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and earlier. Description: The issue arises when an excessively large value is specified as the starting index for an array in abi decode, causing the read position to overflow. This results in the decoding of values outsi...
PYSEC-2024-150
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...