Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.
(Last Update:2025-05-12 17:32:33) (Publish Update:2025-05-11 00:00:00)
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter.
(Last Update:2025-05-12 17:32:33) (Publish Update:2025-05-10 22:15:21)
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.
(Last Update:2025-05-12 19:15:52) (Publish Update:2025-05-10 22:15:21)
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.
(Last Update:2025-05-12 19:15:52) (Publish Update:2025-05-10 22:15:20)
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.
(Last Update:2025-05-12 17:32:33) (Publish Update:2025-05-10 22:15:20)
lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.
(Last Update:2025-05-12 17:32:53) (Publish Update:2025-05-09 05:15:52)
dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.
(Last Update:2025-05-12 17:32:53) (Publish Update:2025-05-09 05:15:52)
inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.
(Last Update:2025-05-12 17:32:53) (Publish Update:2025-05-09 05:15:51)
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network.
(Last Update:2025-05-12 17:32:53) (Publish Update:2025-05-08 22:17:27)
Microsoft Dataverse Remote Code Execution Vulnerability
(Last Update:2025-05-12 17:32:53) (Publish Update:2025-05-08 22:17:27)