26 matches found
GHSA-2J22-PR5W-6GQ8 Loofah has improper detection of disallowed URIs via `allowed_uri?`
Summary Loofah::HTML5::Scrub.alloweduri? does not correctly reject javascript: URIs when the scheme is split by HTML entity-encoded control characters such as carriage return, line feed, or tab. Details The alloweduri? method strips literal control characters before decoding HTML entities. Payloa...
Deserialization of Untrusted Data
Overview cesargb/laravel-magiclink is a Create secure link for access to private data or login in Laravel without password Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the magiclinks.action database column during the deserialization process. An attacke...
EUVD-2022-43607
Malicious code in bioql PyPI...
EUVD-2023-27759
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-27154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, t...
Fedora: Security Advisory (FEDORA-2025-fba1b24e4b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-5J3W-5PCR-F8HG Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
Impact Rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these values are unsafe e.g. contain user input, this can lead to HTML attribute injection and XSS vulnerabilities. Patche...
CVE-2025-47946
Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these...
CVE-2025-47946
Summary: CVE-2025-47946 affects Symfony UX components. Prior to 2.25.1, rendering {{ attributes }} or using methods returning a ComponentAttributes instance can output unescaped attribute values, risking HTML attribute injection and XSS. The vulnerability affects the Symfony UX Twig component and...
CVE-2025-47946 symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes
Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these...
CVE-2025-47946 symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes
Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these...
[SECURITY] Fedora 42 Update: python-spotipy-2.25.1-1.fc42
A light weight Python library for the Spotify Web API...
Fedora 41 : python-spotipy (2025-fba1b24e4b)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-fba1b24e4b advisory. update to version 2.25.1, CVE-2025-27154 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
FreeBSD : Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions (475d1968-f99d-11ef-b382-b0416f0c4c67)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 475d1968-f99d-11ef-b382-b0416f0c4c67 advisory. [email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API...
CVE-2025-27154
CVE-2025-27154 affects Spotipy’s CacheHandler file permissions. Before version 2.25.1, the cache file is created with 644 permissions by default, exposing the Spotify auth token to other users or processes on the same machine. Version 2.25.1 tightens permissions to 600, reducing token exposure. T...
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
[email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw-----...
WordPress plugin GiveWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-31258 · D Zero Co. · Basercms +2
Name of the Vulnerable Software and Affected Versions: baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition versions prior to 2.25.1 Description: A directory listing issue allows remote attackers to obtain sensitive information by exposing a list of the uploaded files...