CVE-2026-39358

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

CVE-2026-39428

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

CVE-2026-39428 CubeCart: Stored Cross-Site Scripting (XSS)

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

CVE-2026-21719

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...

CVE-2026-34018

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product...

PT-2026-33409

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product...

Uncontrolled Recursion

Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...

Open Redirect

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect via the redirecttotarget function in the OAuth flow, which accepts an unvalidated targeturl query parameter. An attacker can redirect...

SUSE CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

CVE-2026-22691 pypdf has possible long runtimes for malformed startxref

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-referen...

CVE-2025-67461

CVE-2025-67461 affects Zoom Rooms for macOS prior to 6.6.0. The issue is external control of a file name or path, enabling an authenticated user to disclose information via local access. Impact is information disclosure (confidentiality). Remediation: update Zoom Rooms for macOS to version 6.6.0 ...

PT-2025-50506

Name of the Vulnerable Software and Affected Versions Zoom Rooms for macOS versions prior to 6.6.0 Description An authenticated user could potentially disclose information through local access due to external control of a file name or path in Zoom Rooms for macOS. The issue involves manipulation ...

EUVD-2020-24148

Malware in sbrugna...

EUVD-2016-3142

Malware in sbrugna...

EUVD-2023-28659

Malicious code in bioql PyPI...

EUVD-2024-42302

Malicious code in bioql PyPI...

EUVD-2022-6366

Malicious code in bioql PyPI...

EUVD-2025-6160

Malicious code in bioql PyPI...

EUVD-2025-10564

Malicious code in bioql PyPI...

EUVD-2022-52191

Malicious code in bioql PyPI...