Navidrome <=0.54.5 - Authentication Bypass in Subsonic API

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

EUVD-2018-15101

Malware in sbrugna...

EUVD-2018-15061

Malware in sbrugna...

EUVD-2018-15060

Malware in sbrugna...

EUVD-2023-32658

Malicious code in bioql PyPI...

EUVD-2023-26054

Malicious code in bioql PyPI...

EUVD-2025-3136

Malicious code in bioql PyPI...

EUVD-2023-41877

Malicious code in bioql PyPI...

EUVD-2024-18964

Malicious code in bioql PyPI...

CVE-2025-30739

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Preferences. Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle CRM Technica...

CVE-2025-48802 Windows SMB Server Spoofing Vulnerability

...

CVE-2024-20943

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge...

CVE-2023-22082

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Pod Admin. Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...

CVE-2023-27462

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.3. The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for...

CVE-2021-2407

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2020-14533

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

CVE-2020-14890

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications component: Pre Login. Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVE-2020-14548

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Web General. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2020-14603

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVE-2019-2720

Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware subcomponent: ODI Tools. Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data...