
6 matches found

Positive Technologies
added 2026/04/09 12:0 a.m. · 3 views

PT-2026-31674

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain lookup payload "urls". The implementation uses the...

CVSS 6.3 · AI score 6 · EPSS 0.0006
Exploits 1 · References 3
OSV
added 2026/02/27 9:16 p.m. · 2 views

CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl do not validate the format of user-provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...

CVSS 6.5 · AI score 6.1
Exploits 0 · References 4
Prion
added 2023/05/26 3:15 p.m. · 17 views

Cross site scripting

skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data...

CVSS 4.9 · AI score 5.1 · EPSS 0.00213
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2021/01/21 12:0 a.m. · 2 views

PT-2021-14350 · Pypi +3 · Pysaml2 +3

Name of the Vulnerable Software and Affected Versions: PySAML2 versions prior to 6.5.0

Description: The issue is related to an improper verification of cryptographic signatures in PySAML2, a pure Python implementation of SAML Version 2 Standard. Users of PySAML2 that use the default...

CVSS 9.8 · AI score 6.4 · EPSS 0.93094
Exploits 14 · References 102
OSV
added 2020/11/19 8:15 p.m. · 1 views

UBUNTU-CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS 7.5 · AI score 7 · EPSS 0.00352
Exploits 1 · References 3
CNVD
added 2016/08/03 12:0 a.m. · 0 views

Grails console CSRF vulnerability

Grails is an open source framework for rapid Web application development. It is based on the Groovy programming language and built on top of Spring, Hibernate and other open source frameworks, and is a highly productive one-stop framework. Grails has a security vulnerability, an attack ca...

AI score 7.5
Exploits 0 · References 1