CVE-2026-40091 SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside...

EUVD-2025-28701

Malicious code in bioql PyPI...

CVE-2025-48111

Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0...

WordPress Pixel Manager for WooCommerce (PRO) plugin <= 1.49.0 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin Pixel Manager for WooCommerce versions = 1.49.0...

WordPress plugin Pixel Manager for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin YITH PayPal Express Checkout for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Password Pusher 安全漏洞

Password Pusher is an open source application by Peter Giacomo Lombardo, an individual developer, used to deliver sensitive information over the web. A security vulnerability exists in Password Pusher prior to v1.49.0, which stems from the ability to bypass the rate limiter by spoofing the proxy...

PT-2024-35447 · Unknown · Password Pusher

Name of the Vulnerable Software and Affected Versions: Password Pusher versions prior to v1.49.0 Description: The issue is related to the rate limiter in Password Pusher, which can be bypassed by forging proxy headers, allowing bad actors to send unlimited traffic to the site and potentially...

rust: memory safety violation in String::retain()

In the standard library in Rust before 1.49.0, String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sa...

rust: use-after-free or double free in VecDeque::make_contiguous

In the standard library in Rust before 1.49.0, VecDeque::makecontiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free...

rust: use-after-free or double free in VecDeque::make_contiguous

In the standard library in Rust before 1.49.0, VecDeque::makecontiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free...

Mozilla Rust Buffer Overflow Vulnerability (CNVD-2021-33049)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in the Rust standard library prior to version 1.49.0, which stems from the fact that it allows a non-UTF-8 Rust string to be created when there is a problem with the suppli...

Mozilla Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in the Rust standard library prior to version 1.49.0, which stems from the fact that it allows a non-UTF-8 Rust string to be created when there is a problem with the suppli...