25 matches found

Patchstack
added 2026/05/12 4:17 p.m. · 4 views

NPM: OpenClaude Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input

NPM: OpenClaude Sandbox Bypass via Model-Controlled dangerouslyDisableSandbox Input vulnerability discovered by ? in WordPress Npm openclaude versions 0.5.1...

5.8 AI score · 0.00058 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2026/02/22 12:0 a.m. · 2 views

PT-2026-21431

Name of the Vulnerable Software and Affected Versions rymcu forest versions prior to 0.0.6 Description A security issue exists in rymcu forest up to version 0.0.5. The XssUtils.replaceHtmlCode function within the src/main/java/com/rymcu/forest/util/XssUtils.java file, part of the Article...

5.1 CVSS · 4 AI score · 0.00036 EPSS
Exploits 1 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-30594

Malicious code in bioql PyPI...

9.6 CVSS · 6.5 AI score · 0.0002 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-26904

Malicious code in bioql PyPI...

5.9 CVSS · 6.5 AI score · 0.00043 EPSS
Exploits 0 · References 1
NVD
added 2025/08/22 6:15 p.m. · 2 views

CVE-2025-52287

OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability...

8.8 CVSS · 0.00211 EPSS
Exploits 1 · References 2
Cvelist
added 2025/06/17 6:31 a.m. · 20 views

CVE-2025-6167 themanojdesai python-a2a api.py create_workflow path traversal

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function createworkflow of the file pythona2a/agentflow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommend...

5.5 CVSS · 0.00157 EPSS
Exploits 1 · References 6
CNNVD
added 2025/01/07 12:0 a.m. · 1 views

WordPress plugin OZ Canonical cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

7.1 CVSS · 7.7 AI score · 0.00241 EPSS
Exploits 0 · References 2
Patchstack
added 2025/01/03 4:35 p.m. · 3 views

WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin OZ Canonical versions <= 0.5...

7.1 CVSS · 6.1 AI score · 0.00241 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2024/07/30 12:0 a.m. · 2 views

HiColor security vulnerability

HiColor is a program by the individual developer D. Bohdan. It is used to convert images to 15-bit and 16-bit RGB colors. A security vulnerability exists in HiColor version 0.5.0, which stems from a heap buffer overflow vulnerability in the pngquantize function, allowing an attacker to cause a...

6.2 CVSS · 6.9 AI score · 0.0012 EPSS
Exploits 1 · References 2
OSV
added 2024/06/04 12:31 p.m. · 1 views

GHSA-WF7F-8FXF-XFXC MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...

8.8 CVSS · 7.4 AI score · 0.00436 EPSS
Exploits 1 · References 3
CNNVD
added 2024/05/06 12:0 a.m. · 1 views

wasm3 security vulnerability

wasm3 is the fastest WebAssembly interpreter, as well as the most versatile runtime. A security vulnerability exists in version v0.5.0 of wasm3, which originates from a segmentation error via the function PreserveRegisterIfOccupied in wasm3/source/m3compile.c. The vulnerability is caused by the...

7.5 CVSS · 6.8 AI score · 0.00483 EPSS
Exploits 1 · References 2
CNNVD
added 2024/02/21 12:0 a.m. · 3 views

GARO Wallbox GLB/GTB/GTC Cross-Site Scripting Vulnerability

The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A cross-site scripting vulnerability exists in GARO WALLBOX GLB+ T2EV7 version 0.5, which stems from a cross-site scripting vulnerability in the component Software Update Handler...

6.1 CVSS · 6.2 AI score · 0.00255 EPSS
Exploits 1 · References 5
OSV
added 2023/09/17 2:15 a.m. · 0 views

CVE-2023-5016

A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to...

9.8 CVSS · 5.3 AI score · 0.00076 EPSS
Exploits 1 · References 4
OSV
added 2023/04/12 6:15 p.m. · 0 views

CVE-2023-30524

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them...

4.3 CVSS · 5.8 AI score · 0.00292 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/04/12 12:0 a.m. · 2 views

PT-2023-22753 · Jenkins · Jenkins Report Portal Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Report Portal Plugin versions 0.5 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. This issue arise...

8.8 CVSS · 8.5 AI score · 0.00095 EPSS
Exploits 0 · References 6
CNNVD
added 2022/12/09 12:0 a.m. · 1 views

Akeneo PIM Development Repository code injection vulnerability

Akeneo PIM Development Repository is an Akeneo open source repository. It is used to develop Akeneo PIM products. A code injection vulnerability exists in Akeneo PIM Development Repository versions prior to v5.0.119 and v6.0.53, which originates from a code injection vulnerability that could all...

8.8 CVSS · 8.5 AI score · 0.01321 EPSS
Exploits 1 · References 3
Vulnrichment
added 2022/10/26 3:15 p.m. · 3 views

CVE-2022-40238 A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed...

9 AI score · 0.02467 EPSS
Exploits 0 · References 1
OSV
added 2022/10/11 11:15 p.m. · 4 views

CVE-2022-41404

An issue in the fetch method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service DoS via unspecified vectors...

7.5 CVSS · 7.2 AI score · 0.00786 EPSS
Exploits 1 · References 3
OSV
added 2022/09/23 3:15 p.m. · 0 views

CVE-2022-37328

Authenticated author+ Stored Cross-Site Scripting XSS vulnerability in Themes Awesome History Timeline plugin = 1.0.5 at WordPress...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2
CNNVD
added 2022/09/20 12:0 a.m. · 2 views

wasm3 buffer error vulnerability

wasm3 is the fastest WebAssembly interpreter, as well as the most versatile runtime. A buffer error vulnerability exists in wasm3 version v0.5.0, which stems from the opSelecti32sr component containing a segmentation error...

7.5 CVSS · 7.4 AI score · 0.00303 EPSS
Exploits 1 · References 2