CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

Malicious code in ts-big-ecro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09cc5687efdad86354f994af9fa7d7c28fbc21d7b5b4558870aba1c05dcf425b ts-big-ecro is a verbatim copy of the legitimate big.js library MikeMcl/big.js v7.0.1 with its name, repository field, and copyright preserved to...

CVE-2026-45561

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://serverip:agentport/...'. The path component is...

EUVD-2026-36042

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://serverip:agentport/...'. The path component is...

EUVD-2026-28648

Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with Laravel Blade's unescaped output directive !! !!. Any JavaScript or HTML injected by an editor-ro...

EUVD-2022-32831

Malicious code in bioql PyPI...

EUVD-2022-32830

Malicious code in bioql PyPI...

EUVD-2022-32829

Malicious code in bioql PyPI...

EUVD-2022-32832

Malicious code in bioql PyPI...

EUVD-2022-32827

Malicious code in bioql PyPI...

Inclusion of Functionality from Untrusted Control Sphere

Overview Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere due to incomplete LaTeX sanitization that fails to block the verbatim package. The Latex handling module overlooks the verbatim package during sanitization, allowing specially...

rhys19-verbatim (=2.0.2) potentially affected by unknown CVE via elctron (=0.0.1-security)

elctron NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on elctron and may be impacted: - rhys19-verbatim =2.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-19315...

CVE-2022-28384

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part...

CVE-2022-28382

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode Electronic Codebook, aka ECB, an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...

CVE-2022-28383

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive e.g., by leveraging physical access during the supply chain. This code is then...

CVE-2022-28387

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affec...

CVE-2022-28385

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive containing the Windows and macOS client software. The content of this emulated CD-ROM drive is stored as an ISO-9660 image in...

CVE-2022-28386

An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout e.g., requiring a reformat of the drive after 20 failed unlock attempts does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number...

CVE-2010-0229

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time...

Arbitrary File Read

anki is vulnerable to Arbitrary File Read. The vulnerability is due to the lack of proper sanitization of the verbatim package when processing Latex, which allows attackers to share a specially crafted flashcard to trigger this vulnerability...