33 matches found
PYSEC-2026-326 dcap-qvl has Missing Verification for QE Identity
Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature...
CVE-2026-40525 OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI
OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...
NRSS Reader 缓冲区错误漏洞
NRSS Reader is a desktop reading tool developed by NRSS Corporation, designed for subscribing to and reading RSS information sources. Version 0.3.9-1 of NRSS Reader contains a buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers t...
CVE-2026-22696
dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...
PT-2026-4820
Name of the Vulnerable Software and Affected Versions dcap-qvl versions prior to 0.3.9 Description The dcap-qvl library contains a flaw in its quote verification logic. The library retrieves QE Identity collateral from the PCCS, but fails to verify the QE Identity signature against its certificat...
EUVD-2025-30662
Malicious code in bioql PyPI...
CVE-2025-57996
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in matthewordie Buckets buckets allows Stored XSS.This issue affects Buckets: from n/a through = 0.3.9...
WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Buckets versions = 0.3.9...
CVE-2025-57996
CVE-2025-57996 is a stored XSS vulnerability in the WordPress plugin Buckets (Buckets: 0.3.9 and earlier). The CVSS 3.1 base score is 6.5 (Medium). Attack vector: Network; Attack complexity: Low; Privileges required: Low; User interaction: Required; Scope: Changed; Impact: Confidentiality, Integr...
CVE-2025-57996 WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in matthewordie Buckets buckets allows Stored XSS.This issue affects Buckets: from n/a through = 0.3.9...
WordPress plugin Buckets 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-38846
Name of the Vulnerable Software and Affected Versions Buckets versions through 0.3.9 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Stored Cross-site Scripting XSS. This allows an attacker to inject malicious scripts into...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1168)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1168 advisory. Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory...
WordPress plugin Realty Portal – Agent 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-28168
Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9...
WordPress plugin WordPress Console 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Exposure of Data Element to Wrong Session
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the improper handling of user roles during the login process. An attacker can gain unauthorized access and perform actions without administrative approval...
ape-dasy (=0.1.0) potentially affected by CVE-2024-32481 via vyper (=0.3.9)
vyper PYPI version =0.3.9 is affected by a known vulnerability. The following packages have a transitive dependency on vyper and may be impacted: - ape-dasy =0.1.0 Source cves: CVE-2024-32481 Source advisory: OSV:GHSA-PPX5-Q359-PVWJ...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24563 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24563 Source advisory: OSV:GHSA-52XQ-J7V9-V4V2...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24567 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24567 Source advisory: OSV:GHSA-X2C2-Q32W-4W6M...