Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl. Vulnerability Details: CVEID: CVE-2024-12797. DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the...
MAL-2025-9069 Malicious code in @malware-test-wheel-yokel-alley-altar/test-mlw3-wheel-yokel-alley-altar (npm)
The package @malware-test-wheel-yokel-alley-altar/test-mlw3-wheel-yokel-alley-altar was found to contain malicious code...
GHSA-8QF3-X8V5-2PJ8 uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...
Malicious code in terraform-binary-wheel (PyPI)
MAL-2025-6599 Malicious code in terraform-binary-wheel (PyPI)
CVE-2024-3627
The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible...
CVE-2024-47311
Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wheel of Life: from n/a through <= 1.1.8...
CVE-2023-51408
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce. This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3...
WordPress WP Optin Wheel Plugin <= 1.4.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Marek Mikita in WordPress Plugin WP Optin Wheel versions <= 1.4.7...
Malicious code in highcharts-mouse-wheel-zoom (npm)
Source: ghsa-malware fd3e7a1a5ccec6d7ad964e3183a5e78bcfd9722281b8205094e72ffcda8c26d1. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3190 Malicious code in highcharts-mouse-wheel-zoom (npm)
Source: ghsa-malware fd3e7a1a5ccec6d7ad964e3183a5e78bcfd9722281b8205094e72ffcda8c26d1. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-31824
Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel wp-optin-wheel allows Server Side Request Forgery. This issue affects WP Optin Wheel: from n/a through <= 1.4.7...
CVE-2025-31824
CVE-2025-31824 — WP Optin Wheel SSRF (WordPress plugin) Affected: WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce (versions from n/a to 1.4.7). Description: Server-Side Request Forgery (SSRF) vulnerability reported in the WP Optin Wheel plugin. The CVSS vector p...
CVE-2025-31824 WordPress WP Optin Wheel Plugin <= 1.4.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel allows Server Side Request Forgery. This issue affects WP Optin Wheel: from n/a through 1.4.7...
WordPress plugin WP Optin Wheel code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2025-14205 · Wombat Plugins · Wp Optin Wheel
Name of the Vulnerable Software and Affected Versions: Wombat Plugins WP Optin Wheel versions 1.4.7 and earlier. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability, which allows for Server Side Request Forgery. This means an attacker can potentially force the...
Security Bulletin: There is a vulnerability in Python wheel package for the setuptools library affecting watsonx Code Assistant On Prem Extensions
Summary: There is a vulnerability in the Python wheel package for the setuptools library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-6345. DESCRIPTION: pypa/setuptools could allow...
Security Bulletin: There is a vulnerability in the wheel package for the Virtualenv library affecting watsonx Code Assistant On Prem Extensions
Summary: There is a vulnerability in the wheel package for the Virtualenv library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-53899. DESCRIPTION: virtualenv before 20.26.6 allows...
Kedro allows Remote Code Execution by Pulling Micro Packages
In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running...