665 matches found
GHSA-RM69-WVPV-R2W7 Kedro allows Remote Code Execution by Pulling Micro Packages
In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running...
CVE-2024-38744
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS. This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution by implanting a malicious wheel file in pip's installation directory, which will replace the module being installed and get executed during installation. Note: The specific vulnerable behavior arises because...
CVE-2025-0614
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted...
CVE-2025-0615
CVE-2025-0615 affects Qualifio’s Wheel of Fortune. The vulnerability is an input validation issue in the Wheel of Fortune component that allows an attacker to insert a '+' into an email address to access the application and win prizes multiple times. Concrete details across sources confirm the af...
CVE-2025-0614 Input validation vulnerability in Qualifio's Wheel of Fortune
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted...
CVE-2025-0614
The CVE-2025-0614 entry concerns Qualifio's Wheel of Fortune. The issue is an input-validation weakness that lets an attacker alter a single email’s letter case to access the application and repeatedly win prizes. Public references describe the vulnerability as stemming from insufficient input va...
Qualifio Wheel of Fortune path traversal vulnerability
Qualifio Wheel of Fortune is a prize wheel interactive data collection software from Qualifio. A path traversal vulnerability exists in Qualifio Wheel of Fortune that stems from insufficient input validation, allowing an attacker to access the application multiple times and win prizes by adding...
Qualifio Wheel of Fortune path traversal vulnerability
Qualifio Wheel of Fortune is a prize wheel interactive data collection software from Qualifio. A path traversal vulnerability exists in Qualifio Wheel of Fortune that stems from insufficient input validation and allows an attacker to access the application multiple times and win prizes by modifyi...
PT-2025-3983 · Qualifio · Qualifio's Wheel of Fortune
The Qualifio Wheel of Fortune application is affected by an input validation issue, allowing an attacker to modify an email address to include the '+' symbol and access the application to win prizes multiple times. The affected software is Qualifio's Wheel of Fortune, but the specific versions ar...
Build corruption when using `PYO3_CONFIG_FILE` environment variable
In PyO3 0.23.0 the `PYO3_CONFIG_FILE` environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...
python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
CVE-2024-47311
Missing Authorization vulnerability in Kraft Plugins Wheel of Life allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wheel of Life: from n/a through 1.1.8...
CVE-2024-47311
Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wheel of Life: from n/a through <= 1.1.8...
CVE-2024-38743
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...
CVE-2024-47311
CVE-2024-47311 relates to a Broken Access Control/missing authorization vulnerability in WordPress plugin Wheel of Life. Affected versions are
CVE-2024-47311 WordPress Wheel of Life plugin <= 1.1.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wheel of Life: from n/a through <= 1.1.8...
CVE-2024-38743
CVE-2024-38743 is a WordPress plugin vulnerability in Plum: Spin Wheel & Email Pop-up (Upqode) affecting versions through 2.0. The connected sources describe a Broken Access Control issue (unauthorized access) in Plum: Spin Wheel & Email Pop-up
CVE-2024-38743 WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerability
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...