Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install
Helm is a package manager for Kubernetes Charts. In Helm versions >=4.0.0 and <=4.1.3, Helm will install plugins that are missing a provenance (.prov) file even when signature verification is required. Impact: the bug allows plugin authors to omit provenance signing data from plugins, bypassing plugin signature...
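As an added illustration of the fail-open pattern the advisory describes (example code written for this page, not Helm's own implementation), the following Python toy installer uses an HMAC over the archive bytes in place of Helm's PGP-signed .prov file. The function names, the signing key and the archive bytes are all constructed for the example. install_fail_open only runs the check when a provenance happens to be present; install_fail_closed treats a missing .prov as a verification failure whenever verification was requested.

```python
import hashlib
import hmac
from typing import Optional


class VerificationError(Exception):
    """Raised when a plugin cannot be verified; callers must treat this as 'do not install'."""


def make_provenance(archive: bytes, key: bytes) -> str:
    """Toy provenance: hex HMAC-SHA256 over the archive bytes.
    Stands in for the real PGP-signed .prov file; this is not Helm's format."""
    return hmac.new(key, archive, hashlib.sha256).hexdigest()


def check_provenance(archive: bytes, prov: str, key: bytes) -> None:
    """Recompute the provenance and compare in constant time."""
    expected = make_provenance(archive, key)
    if not hmac.compare_digest(expected, prov):
        raise VerificationError("provenance does not match archive")


def install_fail_open(archive: bytes, prov: Optional[str], key: bytes, verify: bool = True) -> str:
    """Bug pattern from the advisory: verification is attempted only when a .prov file
    is present, so an author who simply omits the file bypasses it entirely."""
    if verify and prov is not None:
        check_provenance(archive, prov, key)
    return "installed"


def install_fail_closed(archive: bytes, prov: Optional[str], key: bytes, verify: bool = True) -> str:
    """Corrected: when verification is required, a missing .prov is itself a failure."""
    if verify:
        if prov is None:
            raise VerificationError("signature verification required but no .prov file supplied")
        check_provenance(archive, prov, key)
    return "installed"


def refuses(installer, archive: bytes, prov: Optional[str], key: bytes, verify: bool = True) -> bool:
    """True if the given installer refuses this archive/provenance pair."""
    try:
        installer(archive, prov, key, verify)
    except VerificationError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: a fake plugin archive and signing key, not real Helm artifacts.
    key = b"release-signing-key"
    archive = b"fake-plugin-archive-bytes"
    good_prov = make_provenance(archive, key)
    print("fail-open, no .prov :", install_fail_open(archive, None, key))
    print("fail-closed, no .prov refuses:", refuses(install_fail_closed, archive, None, key))
    print("fail-closed, good .prov:", install_fail_closed(archive, good_prov, key))
    print("fail-closed, tampered archive refuses:", refuses(install_fail_closed, archive + b"x", good_prov, key))
```

The only difference between the two installers is the branch on a missing provenance. That is the whole fix: when the caller asked for verification, the absence of the thing to verify must be an error, not a shortcut, and only an explicit verify=False may skip the check.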
Predicting Known Vulnerabilities from Attack Descriptions Using Sentence Transformers
Modern infrastructures rely on software systems that remain vulnerable to cyberattacks. These attacks frequently exploit vulnerabilities documented in repositories such as MITRE's Common Vulnerabilities and Exposures (CVE). However, Cyber Threat Intelligence resources, including MITRE ATT&CK and CV...
EUVD-2025-19236
Malicious code in bioql PyPI...
GHSA-26JH-R8G2-6FPR Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Impact: this vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allow_custom_value parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...
sigstore-go has an unbounded loop over untrusted input that can lead to an endless-data attack
Impact: sigstore-go is susceptible to a denial-of-service attack when a verifier is given a maliciously crafted Sigstore bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these...
PT-2024-11204 · Unknown · Net::IPAddress::Util
Name of the Vulnerable Software and Affected Versions: Net::IPAddress::Util versions prior to 5.000 Description: The issue arises from the Net::IPAddress::Util module not properly handling extraneous zero characters in IP address strings. This can allow attackers to bypass access control based ...
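Added example (illustrative code written for this page, not the Net::IPAddress::Util module's own logic) of how extraneous zeros defeat an IP-based allowlist: a C-library parser such as inet_aton() reads a dotted-quad part with a leading zero as octal, so a check that normalizes the text by stripping zeros and comparing strings agrees with the attacker rather than with the network stack. The allowlist, the probe address and the function names are constructed for this page; lenient_parse uses socket.inet_aton() to show what the OS would actually connect to, and strict_parse enforces four decimal octets with no leading zeros.

```python
import ipaddress
import re
import socket

# Constructed allowlist for the illustration.
ALLOWLIST = {ipaddress.IPv4Address("10.0.0.1")}

# A decimal octet: "0", or a non-zero digit followed by up to two digits. No leading zeros.
_OCTET = re.compile(r"0|[1-9][0-9]{0,2}")


def strict_parse(text: str) -> ipaddress.IPv4Address:
    """Accept only canonical dotted-quad form; anything ambiguous raises ValueError."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected exactly four octets")
    octets = []
    for p in parts:
        if not _OCTET.fullmatch(p) or int(p) > 255:
            raise ValueError(f"invalid octet {p!r}")
        octets.append(int(p))
    return ipaddress.IPv4Address(bytes(octets))


def lenient_parse(text: str) -> ipaddress.IPv4Address:
    """What the C library's inet_aton() accepts: a part with a leading zero is octal,
    a 0x part is hex, fewer than four parts are allowed. This is the address a socket
    would actually use for the same string."""
    return ipaddress.IPv4Address(socket.inet_aton(text))


def allowed_by_textual_normalization(text: str) -> bool:
    """Buggy ACL: strips extraneous zeros textually, then compares strings.
    '010' becomes '10' here, but the network stack reads '010' as octal 8."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return False
    normalized = ".".join(str(int(p)) for p in parts)
    return normalized in {str(a) for a in ALLOWLIST}


def allowed_strict(text: str) -> bool:
    """Hardened ACL: parse strictly, reject anything ambiguous, compare addresses not strings."""
    try:
        return strict_parse(text) in ALLOWLIST
    except ValueError:
        return False


if __name__ == "__main__":
    probe = "010.0.0.1"  # constructed attacker input
    print("textual ACL accepts:", allowed_by_textual_normalization(probe))
    print("OS would connect to:", lenient_parse(probe))
    print("strict ACL accepts:", allowed_strict(probe))
```

The mismatch is the whole attack surface: the ACL and the kernel must parse the same string the same way, and the safest way to guarantee that is to refuse every form that has more than one interpretation.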
PT-2023-32254 · WordPress · Wp Mail Log
Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3 Description: The issue allows attackers to upload PHP files due to improper validation of file extensions when uploading files to attach to emails, leading to remote code execution...
GHSA-QVRW-V9RV-5RJX aiohttp's ClientSession is vulnerable to CRLF injection via method
Summary: improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. Details: the vulnerability occurs only if the attacker can control the HTTP method (GET, POST, etc.) of the...
PT-2023-7245 · Aiohttp +5 · Aiohttp +5
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.0 Description: The issue is related to improper validation in the aiohttp HTTP client/server framework, allowing an attacker to modify the HTTP request or create a new one if they control the HTTP method. This ca...
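Added example serving both aiohttp entries above (illustrative code written for this page, not aiohttp's own request builder or validator): a request line assembled by plain string interpolation, the crafted method that turns one intended request into two, and the RFC 7230 token check that rejects it. The host, path and crafted method value are constructed for the example.

```python
import re

# RFC 7230 "token": the only characters an HTTP method may contain.
# No CR, LF, space or colon, so nothing can terminate the request line early.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def build_request_unchecked(method: str, path: str, host: str) -> bytes:
    """Request line built by string interpolation, the pattern the advisory describes:
    whatever the caller passes as the method lands on the wire verbatim."""
    return f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


def validate_method(method: str) -> str:
    """Reject any method that is not a single token."""
    if not _TOKEN.fullmatch(method):
        raise ValueError(f"invalid HTTP method: {method!r}")
    return method


def build_request_checked(method: str, path: str, host: str) -> bytes:
    """Hardened builder: same output, but only for a well-formed method."""
    return build_request_unchecked(validate_method(method), path, host)


def count_request_lines(raw: bytes) -> int:
    """Crude count of request lines in a byte stream: each ends in ' HTTP/1.1\\r\\n'."""
    return raw.count(b" HTTP/1.1\r\n")


def smuggles(method: str, path: str = "/", host: str = "victim.example") -> bool:
    """True if an attacker-controlled method turns one intended request into more than one."""
    return count_request_lines(build_request_unchecked(method, path, host)) > 1


def rejects(method: str) -> bool:
    """True if the token check refuses this method."""
    try:
        validate_method(method)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker input: a "method" that carries a whole extra request.
    evil = "GET /admin HTTP/1.1\r\nHost: attacker.example\r\n\r\nPOST"
    print(build_request_unchecked(evil, "/", "victim.example"))
    print("smuggles:", smuggles(evil), "rejected:", rejects(evil))
```

The check is deliberately an allowlist of token characters rather than a denylist of CR and LF: the same interpolation bug is reachable through any byte that the peer's parser treats as a delimiter, and a token regex closes all of them at once.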
CVE-2023-34461
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server revealed a vulnerability in which users could submit any type of HTML tag and have that tag executed. For example, a malicious script tag that looks like <script>xss</script> could have been used to r...
UBUNTU-CVE-2022-39237
sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version >=...
Key Caching behavior in the DynamoDB Encryption Client.
Impact: this advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider (such as AWS Key Management Service) that allows permissions on keys to be modified. When key usage permissions were changed at the key provider, the time-based key reauthorization logic in...
New & Improved Qualys WAS Burp Extension Now Available
Last year we released the initial version of the Qualys WAS Burp extension to positive reviews. Customers welcomed the ability to send Burp-identified issues into Qualys Web Application Scanning (WAS) for centralized viewing and reporting of automated scanner findings plus manual pen-test issues fr...
Unfixed XSS vulnerability at www.hotcdljobs.com
Security researcher Atmon3r submitted on 11/01/2012 a cross-site scripting (XSS) vulnerability affecting www.hotcdljobs.com, which at the time of submission ranked 2395409 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/2012. It is...
Unfixed XSS vulnerability at www.meted.ucar.edu
Security researcher AR3SW0RMED submitted on 11/01/2012 a cross-site scripting (XSS) vulnerability affecting www.meted.ucar.edu, which at the time of submission ranked 33343 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/2012. It is...
Unfixed XSS vulnerability at www.careerminded.com
Security researcher aSUaBANG submitted on 10/02/2012 a cross-site scripting (XSS) vulnerability affecting www.careerminded.com, which at the time of submission ranked 1279075 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/02/2012. It is...
Unfixed XSS vulnerability at edailystar.com
Security researcher CMD submitted on 09/02/2012 a cross-site scripting (XSS) vulnerability affecting edailystar.com, which at the time of submission ranked 102088 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/02/2012. It is currently...
Unfixed XSS vulnerability at www.artchesul.com.br
Security researcher Cr4t3r submitted on 09/02/2012 a cross-site scripting (XSS) vulnerability affecting www.artchesul.com.br, which at the time of submission ranked 5973541 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/02/2012. It is...
Unfixed XSS vulnerability at www.haus-unterberg.at
Security researcher Cr4t3r submitted on 09/02/2012 a cross-site scripting (XSS) vulnerability affecting www.haus-unterberg.at, which at the time of submission ranked 8805517 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/02/2012. It is...