CVE-2025-15331

Tanium addressed an uncontrolled resource consumption vulnerability in Connect...

CVE-2025-59430 Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink

Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...

CVE-2021-36949

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability...

CVE-2021-23331

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...

Python Data Forgery Problem Vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python oic versions prior to 1.2.1, which stems from the fact that there are...

GHSA-3FW8-66WF-PR7M methodOverride Middleware Reflected Cross-Site Scripting in connect

Connect is a stack of middleware that is executed in order in each request. The "methodOverride" middleware allows the http post to override the method of the request with the value of the "method" post key or with the header "x-http-method-override". Because the user post input was not checked,...