EUVD-2025-26212

Malicious code in bioql PyPI...

CVE-2025-47909

The CVE-2025-47909 entry describes a CSRF vulnerability in gorilla/csrf related to how TrustedOrigins can permit both HTTP and HTTPS origins. Affected component: gorilla/csrf (Go web middleware). Root cause: Origin/Trust logic allows a host listed in TrustedOrigins to bypass same-origin checks, e...

PT-2025-35244

Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, potentially enabling network attackers to perform Cross-Site Request Forgery CSRF attacks. Following...