Apache Airflow allows code execution through crafted XCom payloads
Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, the severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...
Medium: python3-urllib3
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...
CVE-2021-2392
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware component: BI Publisher Security. Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2021-2316
Vulnerability in the Oracle HRMS France product of Oracle E-Business Suite component: French HR. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HRMS France. Successful attack...
WordPress AH Shortcodes plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'column' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'column' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin AH Shortcodes versions <= 1.0.2...
WordPress HR Management Lite plugin <= 3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin HR Management Lite versions <= 3.6...
CVE-2025-13635
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
WordPress JB News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin JB News Ticker versions <= 1.0...
EUVD-2019-5998
Malware in sbrugna...
EUVD-2019-6175
Malware in sbrugna...
EUVD-2016-1740
Malware in sbrugna...
EUVD-2021-30801
Malicious code in bioql PyPI...
EUVD-2022-43121
Malicious code in bioql PyPI...
EUVD-2023-52553
Malicious code in bioql PyPI...
EUVD-2024-18875
Malicious code in bioql PyPI...
EUVD-2023-52492
Malicious code in bioql PyPI...
EUVD-2023-50114
Malicious code in bioql PyPI...
EUVD-2023-2687
Malicious code in bioql PyPI...
EUVD-2022-48024
Malicious code in bioql PyPI...
WordPress Subscribe To Unlock Plugin <= 1.1.5 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Subscribe To Unlock versions <= 1.1.5...