60 matches found
CVE-2026-33697
CVE-2026-33697 affects CoCoS’ attested TLS (aTLS) across v0.4.0–v0.8.2 on AMD SEV-SNP and Intel TDX. An attacker who can extract the ephemeral TLS private key used during intra-handshake attestation can relay or divert an attested TLS session because the attestation evidence is bound to the ephem...
EUVD-2023-43361
Malicious code in bioql PyPI...
Neo4j Cypher MCP server is vulnerable to DNS rebinding
Impact: DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spen...
GHSA-VCQX-V2MG-7CHX Neo4j Cypher MCP server is vulnerable to DNS rebinding
Impact: DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spen...
CVE-2020-18702
Cross Site Scripting XSS in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'...
PT-2025-12316 · Significant Gravitas +1 · Autogpt +2
Name of the Vulnerable Software and Affected Versions: significant-gravitas/autogpt versions prior to v0.4.0 Description: A Server-Side Request Forgery SSRF issue was identified, arising from a hostname confusion between the urlparse function from the urllib.parse library and the requests library...
CVE-2024-39012
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-39012
The CVE-2024-39012 entry affects ais-ltd strategyen v0.4.0, where the mergeObjects function enables prototype pollution. The cited sources describe attackers exploiting this to achieve arbitrary code execution, Denial of Service, or related object-behavior manipulation (per Veracode and NVD). Pra...
njwt Prototype Pollution vulnerability
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...
CVE-2023-39654
The CVE-2023-39654 entry details a SQL injection in the Python package abupy up to v0.4.0, exploiting the function component abupy.MarketBu.ABuSymbol.search_to_symbol_dict. The root cause is input handling in this component, enabling untrusted input to affect SQL queries. Affected versions are up...
CVE-2023-39654
abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict...
CVE-2023-22461
The sanitize-svg package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a deny-list-pattern to sanitize SVGs to prevent XSS. In doing so, literal <script>-tags and on-event handlers were detected in versions prior to 0.4.0. As a result, downstream software that relies on sanitize-sv...
GHSA-XHMF-MMV2-4HHX Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Impact: When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. Patches: The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4. Workarounds: The only way to avoid ...
Out-of-bounds
go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...
CVE-2022-39213 Out-of-bounds Read in go-cvss
go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...
CVE-2022-34612
Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted binary...
CVE-2022-34612
CVE-2022-34612 affects Rizin 0.4.0 and earlier. The root cause is an integer overflow in get_long_object() that can be triggered by loading a crafted binary, leading to a Denial of Service. Public disclosures in GLSA-202209-06 and corroborating OpenVAS/Nessus entries note additional related issue...
GHSA-4Q2R-QXP6-H5J6 Improper Restriction of XML External Entity Reference in Quokka
XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...