6 matches found
Qiskit allows arbitrary code execution decoding QPY format versions < 13
Impact: A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserializing QPY formats < 13. A Python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...
sepal-ui (>=2.10.0 <=2.16.3), stactools-planet (>=0.1.0 <=0.1.6) potentially affected by CVE-2023-32303 via planet (>=1.4.6 <=2.0.0rc2)
planet PYPI version =1.4.6, =2.10.0, =0.1.0, =0.1.6 Source cves: CVE-2023-32303 Source advisory: OSV:PYSEC-2023-71...
sepal-ui (>=2.10.0 <=2.16.3), stactools-planet (>=0.1.0 <=0.1.6) potentially affected by CVE-2023-32303 via planet (>=1.4.6 <=2.0.0rc2)
planet PYPI version =1.4.6, =2.10.0, =0.1.0, =0.1.6 Source cves: CVE-2023-32303 Source advisory: OSV:GHSA-J5FJ-RFH6-QJ85...
Kozea Radicale Authentication Error Vulnerability
Kozea Radicale, a project of the French company Kozea, is a free and open source CalDAV (Calendar Synchronization Open Protocol) and CardDAV (Address Book Synchronization Open Protocol) server solution. An authentication error vulnerability exists in Kozea Radicale versions prior to 1.1.2 and 2.x...
CVE-2013-1470
Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendartype parameter to submit.php...
Pligg CMS 2.0.0rc2 - Cross-Site Request Forgery (File Creation)
Pligg CMS 2.0.0rc2 - Cross-Site Request Forgery (File Creation) --------------------------------------------------- Exploit Title: Pligg CMS - CSRF Vulnerability Author: DaOne Vendor Homepage: http://pligg.com/ Download link: https://github.com/Pligg/pligg-cms/archive/2.0.0rc2.zip Category:...