EUVD-2026-4950
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...
EUVD-2025-6433
Malicious code in bioql PyPI...
EUVD-2023-34332
Malicious code in bioql PyPI...
EUVD-2024-16576
Malicious code in bioql PyPI...
EUVD-2022-52449
Malicious code in bioql PyPI...
EUVD-2024-41600
Malicious code in bioql PyPI...
EUVD-2022-43211
Malicious code in bioql PyPI...
EUVD-2024-45394
Malicious code in bioql PyPI...
EUVD-2023-12615
Malicious code in bioql PyPI...
EUVD-2023-34350
Malicious code in bioql PyPI...
EUVD-2025-20986
Malicious code in bioql PyPI...
EUVD-2025-23283
Malicious code in bioql PyPI...
CVE-2025-29556
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...
BIT-GITLAB-2025-3396 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
CVE-2025-3396
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
PT-2025-29222 · Schneider Electric · Ecostruxure Data Center Expert
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: An improper restriction of XML external entity reference issue exists, potentially allowing manipulation of SOAP API calls and XML external entities injection...
CVE-2025-3396 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
GitLab 13.3 < 17.11.6 / 18.0 < 18.0.4 / 18.1 < 18.1.2 (CVE-2025-3396)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass...
CVE-2025-6733
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack c...
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
Impact: Via a manipulated API request it's possible to upload a file that doesn't adhere to the configured allowable file extensions. Patches: Patched in 15.4.2 and 16.0.0. Workarounds: None available...