Mar 28 CVE-2024-39311 (publify_core): Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Mar 27 CVE-2025-30221 (pitchfork): Pitchfork HTTP Request/Response Splitting vulnerability
Mar 14 GHSA-mrxw-mxhj-p664 (nokogiri): Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
Mar 14 CVE-2025-2304 (camaleon_cms): Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
Mar 12 CVE-2025-27407 (graphql): graphql allows remote code execution when loading a crafted GraphQL schema
Mar 12 CVE-2025-25293 (ruby-saml): Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
Mar 12 CVE-2025-25292 (ruby-saml): Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
Mar 12 CVE-2025-25291 (ruby-saml): Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)