6 matches found
EUVD-2022-7496
Malicious code in bioql PyPI...
CVE-2025-47288
Affected product: Discourse Policy plugin. Vulnerable: versions prior to 0.1.1. Root cause: a policy posted to a public topic that was tied to a private group could cause group members to be visible to non-group members. Impact: information disclosure of private-group membership (partial confiden...
CVE-2022-39224
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
PT-2023-33055 · Unknown · Connect-Cms
Name of the Vulnerable Software and Affected Versions: Connect-CMS versions 1.7.1 and earlier; Connect-CMS versions 2.3.1 and earlier. Description: There is a Privilege Escalation issue on the management system of Connect-CMS. Recommendations: For Connect-CMS versions 1.7.1 and earlier, upgrade to...
GHSA-QQ6H-5G6J-Q3CM sweetalert2 v11.4.9 and above contains hidden functionality
sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and are not included in versions 11.0.0 - 11.4.8. Workaround: Use a version...
CVE-2021-32620 Users registered with email verification can self re-activate their disabled accounts
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration could re-activate themselves by using the activation link provided for hi...