6 matches found
EUVD-2025-203822
tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...
CVE-2024-13312
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9...
DRUPAL-CONTRIB-2024-076
Open Social is a Drupal distribution for online communities, which ships with a default optional module social_file_private to ensure the images and files provided by the distribution are stored in the private instead of the public filesystem. For installations of Open Social prior to version...
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076
Open Social is a Drupal distribution for online communities, which ships with a default optional module social_file_private to ensure the images and files provided by the distribution are stored in the private instead of the public filesystem. For installations of Open Social prior to version 11.8....
Laravel Starter Security Vulnerability
Laravel Starter is a simple starter project based on Laravel 11.x by individual developer Nasir Khan Saikat. A security vulnerability exists in Laravel Starter version 11.8.0 and earlier versions, which stems from an incorrect manipulation of the parameter Email that results in response...
RWS WorldServer 11.7.3 Session Token Enumeration
Advisory: Session Token Enumeration in RWS WorldServer Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0 Vulnerabili...