52 matches found
BIT-JAVA-2020-2585
Vulnerability in the Java SE product of Oracle Java SE component: JavaFX. The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...
CVE-2019-7872
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...
CVE-2025-64386 HIJACKING OF THE TOKEN AND GAINING ACCESS
The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token to modify parameters of security, access or even steal the session without the legitimate and active session...
Deno's --deny-write check does not prevent permission bypass
Summary: Deno.FsFile.prototype.utime and Deno.FsFile.prototype.utimeSync are not limited by the permission model check --deny-write=./. It's possible to change the access (atime) and modification (mtime) times on the file stream resource even when the file is opened with read only permission...
EUVD-2014-8850
Malware in sbrugna...
EUVD-2019-3331
Malware in sbrugna...
EUVD-2000-0310
Malware in sbrugna...
EUVD-2017-6971
Malware in sbrugna...
EUVD-2021-14403
Malware in sbrugna...
EUVD-2017-12307
Malware in sbrugna...
EUVD-2022-32444
Malicious code in bioql PyPI...
EUVD-2022-47506
Malicious code in bioql PyPI...
EUVD-2023-40577
Malicious code in bioql PyPI...
EUVD-2023-43990
Malicious code in bioql PyPI...
EUVD-2024-44448
Malicious code in bioql PyPI...
EUVD-2024-45753
Malicious code in bioql PyPI...
EUVD-2024-54241
Malicious code in bioql PyPI...
CVE-2025-0939
The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke tho...
CVE-2022-47407
An issue was discovered in the fpmasterquiz aka Master-Quiz extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers...
CVE-2021-38164
SAP ERP Financial Accounting RFOPENPOSTINGFR versions - SAPAPPL - 600, 602, 603, 604, 605, 606, 616, SAPFIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific user...