CVE-2025-58190 affecting package kube-vip-cloud-provider for versions less than 0.0.10-5

CVE-2025-58190 affecting package kube-vip-cloud-provider for versions less than 0.0.10-5. A patched version of the package is available...

EUVD-2025-2810

Malicious code in bioql PyPI...

better-config-loader (>=0.1.4 <=0.2.4), brainwires-skills (>=0.2.0 <=0.6.0) +62 more potentially affected by unknown CVE via serde_yml (>=0.0.10 <=0.0.12)

serdeyml CARGO version =0.0.10, =0.1.4, =0.2.0, =0.33.0, =0.3.0, =0.1.5, =0.9.0, =0.3.0, =0.10.0, =0.3.2, =0.1.0, =1.2.0, =1.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-HHW4-XG65-FP2X...

WordPress Caching Compatible Cookie Opt-In plugin <= 0.0.10 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Caching Compatible Cookie Opt-In and JavaScript versions = 0.0.10...

AZL-34892 CVE-2023-39325 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...