12 matches found
Deserialization of Untrusted Data
Overview: jsonpickle is a Python library for serializing any arbitrary object graph into JSON. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadrepr function in Unpickler. An attacker can execute arbitrary system commands by supplying malicious JSON...
CVE-2026-25386
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ally: from n/a through = 4.0.2...
Claroty Secure Access Security Vulnerability
Claroty Secure Access is a remote secure access management platform from Claroty USA. A security vulnerability exists in Claroty Secure Access versions 3.3.0 through 4.0.2, which stems from an incorrect OIDC authentication process that could result in an unauthorized user creating or impersonatin...
EUVD-2023-37486
Malicious code in bioql PyPI...
EUVD-2023-41759
Malicious code in bioql PyPI...
EUVD-2023-27732
Malicious code in bioql PyPI...
WordPress Streamit Theme <= 4.0.1 is vulnerable to Arbitrary File Download
Software: Streamit; Type: Theme; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Download; CVE: CVE-2025-2519; Patch priority: High; CVSS severity: High (6.5); PSID: 446a13c89b70; Credits: István Márton; Required privilege: Subscriber...
CVE-2023-3982 Cross-site Scripting (XSS) - Stored in omeka/omeka-s
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2...
CVE-2023-3980 Cross-site Scripting (XSS) - Stored in omeka/omeka-s
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2...
PT-2023-27123 · Omeka · Omeka-S
Name of the Vulnerable Software and Affected Versions: omeka/omeka-s versions prior to 4.0.2 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious scripts. This c...
CVE-2023-0273 Custom Content Shortcode <= 4.0.2 - Contributor+ Stored XSS
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
PT-2023-16252 · Wireshark +3 · Wireshark +3
Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.2 Description: The issue is related to a crash in the EAP dissector, allowing denial of service via packet injection or crafted capture file. Recommendations: For Wireshark versions 4.0.0 through 4.0.2,...