4 matches found
CVE-2025-64515
Open Forms (Open Formulieren) is affected prior to versions 3.2.7 and 3.3.3 where prefill data fields that are dynamically set to readonly/disabled could be tampered with by malicious users. The underlying issue is that these fields can be modified despite a UI restriction, enabling data tamperin...
AZL-42052 CVE-2024-35176 affecting package ruby for versions less than 3.3.3-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many < characters in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...
AZL-42064 CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.8-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many < characters in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...
WordPress Easy Digital Downloads Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Digital Downloads; Type: Plugin; Vulnerable versions: <= 3.2.6; Fixed in: 3.2.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0659; Patch priority: Low; CVSS severity: Low (5.9); PSID: ffe82c6fd12f; Credits: emad; Required...