CVE-2026-6143 farion1231 cc-switch ProxyServer server.rs cross-domain policy

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...

EUVD-2025-25181

Malicious code in bioql PyPI...

GHSA-P632-58PP-C9XG moonshine Stored Cross-Site Scripting Vulnerability in Create Article

A stored cross-site scripting XSS vulnerability in the Create Article function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Link parameter...

GHSA-RH9F-GR6Q-MPC4 moonshine Stored Cross-Site Scripting Vulnerability in Create Admin

A stored cross-site scripting XSS vulnerability in the Create Admin function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

moonshine Stored Cross-Site Scripting Vulnerability in Create Admin

A stored cross-site scripting XSS vulnerability in the Create Admin function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

Moonshine 安全漏洞

Moonshine is a MoonShine open source admin panel software. A security vulnerability exists in Moonshine version v3.12.3, which stems from a parameter injection that could lead to a stored cross-site scripting attack...

Moonshine 安全漏洞

Moonshine is a MoonShine open source admin panel software. A security vulnerability exists in Moonshine version v3.12.3, which stems from a parameter injection that could lead to a stored cross-site scripting attack...

PT-2025-33738 · Moonshine · Moonshine

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.3 Description: A stored cross-site scripting XSS vulnerability exists in the Create Article function. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the Link parameter...

CVE-2024-48045

Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through = 3.12.3...

CVE-2024-48045

Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through 3.12.3...

WordPress plugin Happy Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-32964 · Elementor · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor versions 3.12.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. This enables unauthorized acces...

The Snowflake Connector for Python stores sensitive data in logs

Issue Snowflake recently learned about and remediated a set of vulnerabilities in the Snowflake Connector for Python. Under specific conditions, certain users credentials or portions of those credentials were logged locally by the Connector to the users own systems. The credentials were not logge...

CVE-2024-49750 Snowflake Connector for Python has sensitive data in logs

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes when specified...

WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Happy Addons for Elementor versions = 3.12.3...

CVE-2024-0397 affecting package python3 for versions less than 3.12.3-1

CVE-2024-0397 affecting package python3 for versions less than 3.12.3-1. An upgraded version of the package is available that resolves this issue...

Oracle Linux 8 : python3 (ELSA-2024-4243)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4243 advisory. 3.12.3-2 - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40776 3.12.3-1 - Update to 3.12.3 Related: RHEL-33685 3.12.2-3 - Move all te...

Python DoS Vulnerability (Mar 2024) - Mac OS X

Python is prone to a denial of service DoS vulnerability in libexpat. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

BIT-RUBY-2020-5247 HTTP Response Splitting in Puma

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

WordPress plugin AAWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...