CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

EUVD-2020-0122

Malware in sbrugna...

EUVD-2022-5884

Malicious code in bioql PyPI...

EUVD-2022-6168

Malicious code in bioql PyPI...

EUVD-2022-6032

Malicious code in bioql PyPI...

GHSA-M95X-M25C-W9MP XML-RPC for PHP allows access to local files via malicious argument to the Client::send method

Abusing the $method argument of Client::send, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakness only affects installations where all the following conditions appl...

What’s New for Developers: November 2022

Read about the EdgeGrid PHP client update, EdgeWorkers news, the Terraform Provider 3.0 release, and the new Build, Deliver & Secure video series...

hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting

hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting !/usr/bin/python ''' Exploit Title: Hastymail2 Webmail Stored XSS Date: 17/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.hastymail.org Software Link:...