CVE-2025-64500

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

CVE-2025-41104

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'customfield1' in '/estimaterequests/saveestimaterequest'...

CVE-2025-5605 Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...

EUVD-2025-30469

Malicious code in bioql PyPI...

EUVD-2025-31378

Malicious code in bioql PyPI...

EUVD-2024-1261

Malicious code in bioql PyPI...

BIT-DJANGO-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

BIT-GOLANG-2025-47910 CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

DEBIAN-CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

UBUNTU-CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

CVE-2025-9115 Etsy Shop < 3.0.7 - Reflected XSS via $_SERVER['REQUEST_URI']

The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

PT-2025-38693

Name of the Vulnerable Software and Affected Versions Campcodes Grocery Sales and Inventory System version 1.0 Description A flaw exists in Campcodes Grocery Sales and Inventory System 1.0. The vulnerability is due to SQL injection within unknown code in the file /ajax.php?action=delete user...

CVE-2025-8280 Contact Form 7 reCAPTCHA <= 1.2.0 - Reflected XSS via $_SERVER['REQUEST_URI']

The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

PT-2025-43996

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.10 Apache Tomcat versions 10.1.0-M1 through 10.1.44 Apache Tomcat versions 9.0.0.M11 through 9.0.108 Apache Tomcat versions 8.5.6 through 8.5.100 Description A relative path traversal flaw exists i...

Linux Distros Unpatched Vulnerability : CVE-2025-48432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which...

CVE-2025-8113

The Ebook Store WordPress plugin before 5.8015 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...