EUVD-2022-40664
Malicious code in bioql PyPI...
EUVD-2025-8562
Malicious code in bioql PyPI...
EUVD-2025-11387
Malicious code in bioql PyPI...
Cisco IOS XE Software SNMP DoS RCE (cisco-sa-snmp-x4LPhte)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges...
DRUPAL-CONTRIB-2025-108
This module enables users to sign in with an access code instead of entering user names and passwords. When users are allowed to pick their own access codes, they can guess other users' access codes based on the fact that access codes need to be unique and the system warns if the code of their...
Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108
This module enables users to sign in with an access code instead of entering user names and passwords. When users are allowed to pick their own access codes, they can guess other users' access codes based on the fact that access codes need to be unique and the system warns if the code of their...
CVE-2025-3770 SMM IDT Privilege Escalation Vulnerability
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...
CVE-2025-36605
Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could...
CVE-2025-43185
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.6. An app may be able to access protected user data...
CVE-2017-20198
The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image,...
CVE-2025-47988
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network...
CVE-2025-49702
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2025-49688
Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
CVE-2025-7410
Summary: CVE-2025-7410 affects LifeStyle Store 1.0 from Code-Projects. The issue is a vulnerability in the /cart_remove.php file where manipulating the ID argument enables SQL injection. The vulnerability is remote and the exploit has been disclosed publicly. Affected component: LifeStyle Store 1...
CVE-2025-49696
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2025-49657
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
CVE-2025-49705
CVE-2025-49705 is a Microsoft PowerPoint remote code execution vulnerability described as a heap-based buffer overflow in PowerPoint that allows an attacker to execute code locally. Connected sources confirm this vulnerability affects PowerPoint components and is addressed by Microsoft security u...
CVE-2025-48824
Technical details (affected product, version, root cause, exploit, or remediation) are not provided in the connected documents; no concrete specifics about CVE-2025-48824 are available here. Monitor for official disclosures and updates.
CVE-2025-7174
A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file /teacher-issue-book.php. The manipulation of the argument idn leads to SQL injection. The attack may be initiated remotely. The exploit has been disclos...