364 matches found
EUVD-2025-8319
Malicious code in bioql PyPI...
EUVD-2022-4218
Malicious code in bioql PyPI...
EUVD-2025-26663
Malicious code in bioql PyPI...
EUVD-2024-0208
Malicious code in bioql PyPI...
EUVD-2024-46488
Malicious code in bioql PyPI...
EUVD-2023-1425
Malicious code in bioql PyPI...
EUVD-2023-58903
Malicious code in bioql PyPI...
EUVD-2024-46267
Malicious code in bioql PyPI...
EUVD-2022-5243
Malicious code in bioql PyPI...
EUVD-2023-57672
Malicious code in bioql PyPI...
CVE-2025-59489
Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be...
CVE-2025-59417
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a cross-site scripting (XSS) vulnerability when handling chat messages in lobe-chat that can be escalated to remote code execution on the user’s machine. In lobe-chat, when the response from the...
CVE-2025-59417 Lobe Chat Desktop Vulnerable to Remote Code Execution via XSS in Chat Messages
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a cross-site scripting (XSS) vulnerability when handling chat messages in lobe-chat that can be escalated to remote code execution on the user’s machine. In lobe-chat, when the response from the...
wazuh
This repository is an issue template for Wazuh, a free and open-source platform for threat prevention, detection, and response. The repository contains various templates for reporting bugs, making feature requests, and testing integration and component tests. The templates are organized by...
The Hidden Threat: How Sensitive Information Leakage Puts Your Business at Risk
You Don't Know What You Don't Know – And That's the Problem Picture this: Your development team has built a robust e-commerce platform. Your security team has implemented comprehensive protection measures. Your compliance team has checked all the boxes. Yet somewhere in your application stack, fu...
CVE-2025-9542
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7...
CVE-2025-9539
CVE-2025-9539 involves the WordPress plugin AutomatorWP (Automator plugin for no-code automations, webhooks & custom integrations) with a missing authorization check in the automatorwp_ajax_import_automation_from_url function. The vulnerability allows authenticated attackers with Subscriber-lev...
PT-2025-36579
Name of the Vulnerable Software and Affected Versions: AutomatorWP – Automator plugin for WordPress versions through 5.3.7 Description: The AutomatorWP – Automator plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing capability check on...
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through...
The API Security Dilemma: Why Traditional Approaches Are Failing in the AI Era
Throughout the past few years, APIs have become the backbone of digital infrastructure. They enable software-to-software communication, improve integration and interoperability, support modular architecture, and more. But as API use has exploded, so has API traffic volume and complexity, making...