EUVD-2026-28648

Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with Laravel Blade's unescaped output directive !! !!. Any JavaScript or HTML injected by an editor-ro...

EUVD-2022-32832

Malicious code in bioql PyPI...

EUVD-2022-32831

Malicious code in bioql PyPI...

EUVD-2022-32829

Malicious code in bioql PyPI...

EUVD-2022-32827

Malicious code in bioql PyPI...

EUVD-2022-32830

Malicious code in bioql PyPI...

Inclusion of Functionality from Untrusted Control Sphere

Overview Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere due to incomplete LaTeX sanitization that fails to block the verbatim package. The Latex handling module overlooks the verbatim package during sanitization, allowing specially...

rhys19-verbatim (=2.0.2) potentially affected by unknown CVE via elctron (=0.0.1-security)

elctron NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on elctron and may be impacted: - rhys19-verbatim =2.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-19315...

CVE-2022-28384

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part...

CVE-2022-28382

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode Electronic Codebook, aka ECB, an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...

CVE-2022-28383

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive e.g., by leveraging physical access during the supply chain. This code is then...

CVE-2022-28387

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affec...

CVE-2022-28385

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive containing the Windows and macOS client software. The content of this emulated CD-ROM drive is stored as an ISO-9660 image in...

CVE-2022-28386

An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout e.g., requiring a reformat of the drive after 20 failed unlock attempts does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number...

CVE-2010-0229

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time...

Arbitrary File Read

anki is vulnerable to Arbitrary File Read. The vulnerability is due to the lack of proper sanitization of the verbatim package when processing Latex, which allows attackers to share a specially crafted flashcard to trigger this vulnerability...

SUSE CVE-2024-29073

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...

GHSA-X3R6-CCVQ-CF5V Anki Latex Incomplete Blocklist Vulnerability

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...

Anki Latex Incomplete Blocklist Vulnerability

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...

DEBIAN-CVE-2024-29073

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...