351 matches found
EUVD-2012-2682
Malware in sbrugna...
EUVD-2021-28256
Malicious code in bioql PyPI...
EUVD-2022-29728
Malicious code in bioql PyPI...
EUVD-2022-55349
Malicious code in bioql PyPI...
EUVD-2023-30289
Malicious code in bioql PyPI...
EUVD-2022-4262
Malicious code in bioql PyPI...
EUVD-2022-1250
Malicious code in bioql PyPI...
EUVD-2025-24179
Malicious code in bioql PyPI...
EUVD-2025-24173
Malicious code in bioql PyPI...
EUVD-2025-24169
Malicious code in bioql PyPI...
EUVD-2023-12311
Malicious code in bioql PyPI...
CVE-2025-54591 FreshRSS: Unauthenticated users can view default user's information
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...
GHSA-4269-MCFH-CP7Q Indico may disclose unauthorized user details access via legacy API
Impact A legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds It ...
CVE-2025-57758 Contao has improper access control in the back end voters
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...
CVE-2025-53910
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...
CVE-2025-48731
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint...
CVE-2025-53857
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...
CVE-2025-54458
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint...
CVE-2025-8285
Mattermost Confluence Plugin has a Missing Authorization vulnerability in versions
CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...