CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

WordPress Insert PHP Code Snippet Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Insert PHP Code Snippet Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0658 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID af77943c0a22 Credits Felipe Restrepo...

CVE-2018-1000165

LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later...