14 matches found
CVE-2023-49773
Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23...
EUVD-2025-25071
Malicious code in bioql PyPI...
EUVD-2023-53696
Malicious code in bioql PyPI...
CVE-2025-6221
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-6221 Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-6221 Embed Bokun <= 0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-48070 Plane has insecure permissions in UserSerializer
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allow users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...
CVE-2023-27609
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration allows Stored XSS. This issue affects WP Roles at Registration: from n/a through 0.23...
WordPress plugin WP Roles at Registration cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6jgw-rgmm-7cv6. This link is maintained to preserve external references. Original Advisory: The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the we...
PT-2024-40924 · Pypi · Pyo3
Name of the Vulnerable Software and Affected Versions: PyO3 versions prior to 0.23. Description: The family of functions to read "borrowed" values from Python weak references were fundamentally unsound due to the weak reference not having ownership of the value. This could lead to a dangling...
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
...
GHSA-54W6-VXFH-FW7F Http4s improperly parses User-Agent and Server headers
Impact: The User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. v0.21.x (Scala): val unsafe: Option[`User-Agent`] = req.headers.get(`User-Agent`)...
PYSEC-2020-107
DISPUTED: scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the...