EUVD-2015-3463

Malware in sbrugna...

EUVD-2024-39166

Malicious code in bioql PyPI...

EUVD-2023-2705

Malicious code in bioql PyPI...

EUVD-2025-13279

Malicious code in bioql PyPI...

EUVD-2024-42279

Malicious code in bioql PyPI...

CVE-2024-6429 Content Spoofing in Multiple WSO2 Products via Error Message Injection

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...

CVE-2025-6785

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 2023.20.9 ee6de92ddac5...

CVE-2025-6785 Tesla Model 3 Physical CAN Bus Injection

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 2023.20.9...

CVE-2024-47127

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the...

CVE-2022-41904

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...

CVE-2020-8445

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

CVE-2019-13927

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 All firmware versions V6.00.320, Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules...

CVE-2012-2573

Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

CVE-2002-2230

Cross-site scripting XSS vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant of CVE-2002-0328...

Erlang/OTP (Erlang OTP) MITM Vulnerability (May 2025) - Windows

Erlang/OTP Erlang OTP is prone to a man-in-the-middle MITM vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2025-46719 Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...

CVE-2025-32885

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...

CVE-2025-32883

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there makes it possible to inject any custom message into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...

CVE-2025-32883

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-41722. Reason: This candidate is a reservation duplicate of CVE-2024-41722. Notes: All CVE users should reference CVE-2024-41722. instead of this candidate. All references and descriptions in this candidate have been removed ...

CVE-2025-32885

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...