
3969 matches found

CVE
added 2025/11/26 11:14 p.m. | 17 views

CVE-2025-66040

Spotipy (Python Spotify Web API client) has an XSS vulnerability in its OAuth callback server. The issue arises from reflecting the unsanitized error URL parameter directly into the HTML response, enabling JavaScript injection during the OAuth flow. Affected versions are prior to 2.25.2, with the...

CVSS 3.6 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 2
Debian CVE
added 2025/11/26 11:14 p.m. | 4 views

CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 5.4 | EPSS 0.00019
Exploits 0
OSV
added 2025/11/26 11:14 p.m. | 4 views

CVE-2025-66040 Spotipy has an XSS vulnerability in OAuth callback server

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 6.3 | EPSS 0.00019
Exploits 0 | References 4
Vulnrichment
added 2025/11/26 11:14 p.m. | 1 view

CVE-2025-66040 Spotipy has an XSS vulnerability in OAuth callback server

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 2
Patchstack
added 2025/11/26 6:26 a.m. | 9 views

WordPress Sneeit Framework plugin <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback vulnerability

Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback vulnerability discovered by Tonn in WordPress Plugin Sneeit Framework versions <= 8.3...

CVSS 9.8 | AI score 7.5 | EPSS 0.01178
Exploits 3 | References 1 | Affected Software 1
Positive Technologies
added 2025/11/26 12:00 a.m. | 2 views

PT-2025-48208

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 6.4 | EPSS 0.00019
Exploits 0 | References 3
Tenable Nessus
added 2025/11/26 12:00 a.m. | 1 view

SUSE SLES15 Security Update : kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2025:4237-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4237-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.170 fixes one security issue. The following security issue was fixed: - CVE-2023-5367...

CVSS 7.8 | AI score 6.8 | EPSS 0.00008
Exploits 0 | References 4
FreeBSD
added 2025/11/26 12:00 a.m. | 5 views

spotipy -- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm reports: Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the...

CVSS 3.6 | AI score 6 | EPSS 0.00019
Exploits 0 | References 1
SUSE Linux
added 2025/11/25 9:11 p.m. | 6 views

Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.179 fixes one security issue. The following security issue was fixed: CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251983). Patch Instructions: To install this SUSE update use the SUSE...

CVSS 7.3 | AI score 6.8 | EPSS 0.00008
Exploits 0 | References 4
OSV
added 2025/11/25 9:11 p.m. | 1 view

SUSE-SU-2025:4242-1 Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.179 fixes one security issue. The following security issue was fixed: - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251983)...

CVSS 7.8 | AI score 6.6 | EPSS 0.00008
Exploits 0 | References 3
OSV
added 2025/11/25 5:04 p.m. | 1 view

SUSE-SU-2025:4239-1 Security update for the Linux Kernel (Live Patch 39 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.161 fixes various security issues. The following security issues were fixed: - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251983). - CVE-2024-53141: netfilter: ipset: add missing range che...

CVSS 7.8 | AI score 7.7 | EPSS 0.00038
Exploits 0 | References 7
OSV
added 2025/11/25 4:04 p.m. | 1 view

SUSE-SU-2025:4237-1 Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.170 fixes one security issue. The following security issue was fixed: - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251983)...

CVSS 7.8 | AI score 6.6 | EPSS 0.00008
Exploits 0 | References 3
NVD
added 2025/11/25 3:15 a.m. | 12 views

CVE-2025-6389

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback function. This is due to the function accepting user input and then passing that through call_user_func. This makes it possible for...

CVSS 9.8 | EPSS 0.01178
Exploits 3 | References 2
CVE
added 2025/11/25 2:26 a.m. | 45 views

CVE-2025-6389

The CVE-2025-6389 issue affects the WordPress Sneeit Framework plugin (versions

CVSS 9.8 | AI score 6.7 | EPSS 0.01178
In wild | Exploits 3 | References 2
Cvelist
added 2025/11/25 2:26 a.m. | 17 views

CVE-2025-6389 Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback function. This is due to the function accepting user input and then passing that through call_user_func. This makes it possible for...

CVSS 9.8 | EPSS 0.01178
Exploits 3 | References 2
Positive Technologies
added 2025/11/25 12:00 a.m. | 9 views

PT-2025-47981

Name of the Vulnerable Software and Affected Versions: Sneeit Framework plugin for WordPress versions prior to 8.4 (Sneeit Framework versions 8.3 and earlier). Description: The Sneeit Framework plugin for WordPress contains a Remote Code Execution (RCE) issue due to the sneeit_articles_pagination_callba...

CVSS 9.8 | AI score 7.7 | EPSS 0.01178
Exploits 3 | References 47
Spring Engineering
added 2025/11/25 12:00 a.m. | 12 views

Beyond JSON: Converting Spring AI Tool Response Formats to TOON, XML, CSV, YAML, ...

JSON is the go-to format for LLM tool responses, but recent discussions around alternative formats like TOON (Token-Oriented Object Notation) claim potential benefits in token efficiency and performance. While the debate continues, with critical analyses pointing to context-dependent results, the...

AI score 7.4
Exploits 0
VulnCheck KEV
added 2025/11/25 12:00 a.m. | 4 views

VulnCheck KEV: CVE-2025-6389

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback function. This is due to the function accepting user input and then passing that through call_user_func. This makes it possible for...

CVSS 9.8 | AI score 6.1 | EPSS 0.01178
In wild | Exploits 3 | References 3
RedhatCVE
added 2025/11/24 11:11 p.m. | 2 views

CVE-2025-65495

Integer signedness error in tls_verify_callback in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509 to return -1 and be misused as a malloc size parameter. Mitigation: Mitigation for this issue is either no...

CVSS 7.5 | AI score 6.3 | EPSS 0.00185
Exploits 0 | References 2
EUVD
added 2025/11/24 3:30 p.m. | 2 views

EUVD-2025-198706

Null pointer dereference in coap_dtls_info_callback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data returns NULL...

CVSS 4.3 | AI score 6.2 | EPSS 0.00171
Exploits 0 | References 3