5 matches found

Snyk
added 2026/04/13 9:13 p.m. · 2 views

Missing Authorization

Overview: craftcms/commerce is a Craft Commerce. Affected versions of this package are vulnerable to Missing Authorization via the actionPay process. An attacker can access sensitive customer order information, including email and address details, by submitting an order number and causing the email...

CVSS 6.3 · AI score 5.8 · EPSS 0.0009
Exploits: 0 · References: 2
GitHub Security Blog
added 2025/12/17 8:56 p.m. · 5 views

Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK

Description: In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions: Projects are affected if they meet the following...

AI score 6.9
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2025/01/14 7:15 p.m. · 1 views

PYSEC-2025-118

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVSS 7.5 · AI score 5.8 · EPSS 0.00135
Exploits: 1 · References: 1
OSV
added 2025/01/14 6:49 p.m. · 1 views

CVE-2025-23042 Gradio Blocked Path ACL Bypass Vulnerability

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

CVSS 8.7 · AI score 6.4 · EPSS 0.00135
Exploits: 1 · References: 3
Positive Technologies
added 2018/12/11 12:0 a.m. · 3 views

PT-2018-2780 · Mcafee · Mcafee Agent

Name of the Vulnerable Software and Affected Versions: McAfee Agent versions prior to 5.6.0. Description: The issue is related to a use after free vulnerability in the client component of McAfee Agent. This can be exploited by sending specially crafted HTTP requests, potentially allowing a remote...

CVSS 10 · AI score 9.7 · EPSS 0.02819
Exploits: 0 · References: 4