11 matches found

EUVD
added 2026/01/05 10:55 p.m., 2 views

EUVD-2025-206237

Spinnaker vulnerable to SSRF due to improper restrictions on http from user input...

7.9 CVSS, 6.3 AI score, 0.00011 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/12/22 7:21 a.m., 5 views

CVE-2025-14591

In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF Windows and DOS End-of-Record EOR characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally...

7.5 CVSS, 6.6 AI score, 0.00038 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-18910

Malicious code in bioql PyPI...

6.3 CVSS, 6.6 AI score, 0.00106 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-18909

Malicious code in bioql PyPI...

9.1 CVSS, 6.6 AI score, 0.00316 EPSS
Exploits: 1, References: 4
CVE
added 2025/09/14 12:0 a.m., 25 views

CVE-2025-59363

In One Identity OneLogin prior to 2025.3.0, the GET /api/2/apps endpoint returned OIDC client_secret values alongside app metadata, enabling disclosure of sensitive credentials. This is caused by excessive data being returned by the Apps API v2 and constitutes a breach of confidentiality for OIDC...

7.7 CVSS, 6.5 AI score, 0.00069 EPSS
Exploits: 0, References: 1
NVD
added 2025/06/18 11:15 p.m., 3 views

CVE-2025-49590

CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which ...

6.3 CVSS, 0.00106 EPSS
Exploits: 1, References: 3
NVD
added 2025/06/18 11:15 p.m., 4 views

CVE-2025-49591

CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the...

9.1 CVSS, 0.00316 EPSS
Exploits: 1, References: 4
CVE
added 2025/06/18 10:15 p.m., 16 views

CVE-2025-49591

CVE-2025-49591 (CryptPad 2FA bypass) affects CryptPad versions prior to 2025.3.0. The weakness is in access control enforcement for 2FA, where 2FA can be bypassed if the path parameter length is not 44 characters, enabling an attacker with user credentials to access the victim’s account without e...

9.1 CVSS, 6.6 AI score, 0.00316 EPSS
Exploits: 1, References: 4, Affected Software: 1
Vulnrichment
added 2025/06/18 10:15 p.m., 3 views

CVE-2025-49591 CryptPad 2FA Bypass Vulnerability

CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the...

8.7 CVSS, 6.6 AI score, 0.00316 EPSS
Exploits: 1, References: 4
Vulnrichment
added 2025/06/18 10:14 p.m., 3 views

CVE-2025-49590 CryptPad Dom-Based Cross-Site Scripting (XSS) Vulnerability

CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which ...

6.3 CVSS, 6.1 AI score, 0.00106 EPSS
Exploits: 1, References: 3
CVE
added 2025/06/18 10:14 p.m., 13 views

CVE-2025-49590

CryptPad (before version 2025.3.0) is affected by a Dom-Based XSS via the Link Bouncer feature, where an early-allow code path executes before the URI protocol is checked, allowing a maliciously crafted javascript: URI to bypass filtering. The issue has been patched in 2025.3.0. Affected componen...

6.3 CVSS, 6.1 AI score, 0.00106 EPSS
Exploits: 1, References: 3, Affected Software: 1