Saloon has a Fixture Name Path Traversal Vulnerability

Impact Users with MockResponse fixtures that use path traversal. Patches Upgrade to Saloon v4+ Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description Fixture names were used to build file paths under the configured fixture directory without validation. A name containin...

Use of Cache Containing Sensitive Information

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via improper handling of HTTP cache control directives, including Cache-Control: private and Cache-Control: no-store. An attacker can access...

PT-2026-2197

Name of the Vulnerable Software and Affected Versions Handmade Framework versions through 3.9 Description The software contains a flaw related to improper control of filenames used in include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local...

SUSE CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

Session Fixation

Overview Products.PluggableAuthService is a Pluggable Zope authentication / authorization framework Affected versions of this package are vulnerable to Session Fixation. Affected versions of this package are vulnerable to Session Fixation. The session authentication helper fails to clear session...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...

PT-2021-23224 · Rubygems · Rails Multisite

Name of the Vulnerable Software and Affected Versions: rails multisite versions prior to 4 Description: The issue impacts Rails applications using rails multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an...