Isso affected by Stored XSS via comment website field
Impact: This is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, which left single and double quotes unescaped. Since the frontend inserts the website value directly into a single-quoted href...
EUVD-2025-28632
Malicious code in bioql PyPI...
CVE-2025-57805
CVE-2025-57805 affects The Scratch Channel web platform. In versions 1 and 1.1, a POST to the article-publishing endpoint allows posting articles in any category with any date, regardless of login status, indicating an authorization bypass in the publish workflow. The issue has been patched in ve...
CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...