EUVD-2022-6840
Malicious code in bioql PyPI...
EUVD-2025-16055
Malicious code in bioql PyPI...
EUVD-2024-32035
Malicious code in bioql PyPI...
EUVD-2024-27676
Malicious code in bioql PyPI...
EUVD-2024-1424
Malicious code in bioql PyPI...
WordPress Auto Bulb Finder for WordPress plugin <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Auto Bulb Finder for WordPress versions <= 2.8.0...
Linux Distros Unpatched Vulnerability : CVE-2025-59432
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication...
Linux Distros Unpatched Vulnerability : CVE-2025-10921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...
Linux Distros Unpatched Vulnerability : CVE-2025-23339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run...
Linux Distros Unpatched Vulnerability : CVE-2025-60019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in...
Linux Distros Unpatched Vulnerability : CVE-2025-10923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...
WordPress XStore Theme <= 9.5.3 is vulnerable to Content Injection
Software: XStore | Type: Theme | Vulnerable versions: <= 9.5.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Content Injection | CVE: CVE-2025-60100 | Patch priority: Low | CVSS severity: Low (5.3) | PSID: 55131c12c2eb | Credits: Rafie Muhammad Patchstack | Required privilege...
CVE-2025-48867
Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...
CVE-2025-48869
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...
CVE-2025-10548
The CleverControl employee monitoring software v11.5.1041.6 fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using `curl.exe --insecure`, enabling a man-in-the-middle attacker to deliver malicious files that are...
Linux Distros Unpatched Vulnerability : CVE-2025-9905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 mod...
Linux Distros Unpatched Vulnerability : CVE-2023-53428
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: powercap: arm_scmi: Remove recursion while parsing zones. Powercap zones can be defined as...
Linux Distros Unpatched Vulnerability : CVE-2025-59691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or...
Linux Distros Unpatched Vulnerability : CVE-2025-39887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmap_parselist. A crash was observed with the...