7 matches found
CVE-2026-24783
The CVE-2026-24783 issue in soroban-fixed-point-math causes incorrect rounding in mulDiv when both the intermediate product and the divisor are negative, affecting signed FixedPoint implementations (i64, i128, I256) in versions 1.3.0 and 1.4.0. A patch exists in v1.3.1 and v1.4.1; every version &...
CVE-2025-48868
Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...
CVE-2025-48868
Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...
CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...
CVE-2025-58067
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...
CVE-2025-58067
CVE-2025-58067 affects Basecamp’s google_sign_in gem for Rails before 1.3.1. The issue allows a redirect to another origin when the session key proceed_to is a protocol-relative URL, potentially set by a malicious site via form submission and then used in an OAuth2 request. The vulnerability reli...
CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...