14 matches found
CVE-2023-40609
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a through 1.1.3...
Incorrect Behavior Order
Overview: ai is an AI SDK by Vercel - The AI Toolkit for TypeScript and JavaScript. Affected versions of this package are vulnerable to Incorrect Behavior Order via the downloadAssets function. An attacker can upload files with disallowed types by substituting arbitrary downloaded bytes for differe...
EUVD-2024-43132
Malicious code in bioql PyPI...
EUVD-2023-45167
Malicious code in bioql PyPI...
CVE-2025-54576
Observations on CVE-2025-54576: OAuth2-Proxy versions up to 7.10.0 expose an authentication bypass when using skip_auth_routes with regex patterns, because skip_auth_routes can match the full request URI (path + query parameters) instead of only the path. This allows an attacker to craft URLs wi...
CVE-2024-48918
RDS Light is a simplified version of the Reflective Dialogue System RDS, a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module main.p...
Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQLi
Description: The plugin does not properly sanitise and escape the post parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
CVE-2023-40609
A vulnerability in aiyaz Khorajia Contact form 7 Custom validation cf7-field-validation. This issue affects Contact form 7 Custom validation: from n/a through = 1.1.3...
CVE-2023-40609
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a through 1.1.3...
CVE-2023-40609
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a through 1.1.3...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a through 1.1.3...
CVE-2023-40609
CVE-2023-40609: WordPress plugin Contact form 7 Custom validation (cf7-field-validation)
WordPress Contact form 7 Custom validation Plugin <= 1.1.3 is vulnerable to SQL Injection
Software: Contact form 7 Custom validation | Type: Plugin | Vulnerable versions: <= 1.1.3 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-40609 | Patch priority: High | CVSS severity: High 8.2 | Developer: Claim ownership | PSID: b7c9ad699602 | Credits: minhtuanact | Required privilege...
HTTPS client certificate authentication security issues. Part 2/3
In the first story, I described some issues related to client certificate authentication implementations in environments with load balancers. This time I’d like to mention some typical issues in custom certificate validation processes when a developer is doing this themselves in application code...