EUVD-2025-24586

Malicious code in bioql PyPI...

CVE-2025-54809 F5 Access for Android vulnerability

F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-54809

CVE-2025-54809 (F5 Access for Android) affects Android clients of F5 Access prior to version 3.1.2. The vulnerability arises because, when using HTTPS, the client does not verify the remote endpoint identity, enabling potential man-in-the-middle interception. Affected versions are 3.1.0–3.1.1; a ...

CVE-2025-31689

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

PT-2023-28157 · Corecode · Macupdater

Name of the Vulnerable Software and Affected Versions: CoreCode MacUpdater versions prior to 2.3.8 CoreCode MacUpdater versions 3.x prior to 3.1.2 Description: An XPC misconfiguration issue allows attackers to escalate privileges by crafting malicious .pkg files. Recommendations: For versions pri...

PT-2022-24536 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2 Description: The issue is a heap overflow vulnerability that can be triggered by local attackers, allowing them to obtain network sensitive information. Recommendations: For OpenHarmony versions prior to...

GHSA-23WX-CGXQ-VPWX Prototype Pollution in dset

All versions of dset prior to 3.1.2 are vulnerable to Prototype Pollution via dset/merge mode, as the dset function checks for prototype pollution by validating if the top-level path contains proto, constructor or prototype. By crafting a malicious object, it is possible to bypass this check and...

CVE-2016-10878

The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS...