EUVD-2025-20339

Malicious code in bioql PyPI...

EUVD-2021-7674

Malicious code in bioql PyPI...

EUVD-2022-4443

Malicious code in bioql PyPI...

CVE-2025-42989

RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application...

CVE-2024-37176

SAP BW/4HANA Transformation and Data Transfer Process DTP allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimat...

CVE-2024-8049

In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 2024.4.1106, importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable...

CVE-2023-32111

In SAP PowerDesigner Proxy - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application...

CVE-2023-25656

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...

CVE-2022-29793

There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability...

CVE-2022-29617

Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application...

Cache Poisoning

react-router is vulnerable to Cache Poisoning. The vulnerability is due to improper request handling due to allowing header-based switching from SSR to SPA mode, which can trigger an error response that is then cached, affecting application availability...

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVE-2024-7035

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

CVE-2024-7035

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

CVE-2024-7035

The CVE-2024-7035 issue affects open-webui/open-webui (v0.3.8). The underlying problem is CSRF because sensitive actions (delete/reset) are invoked via GET requests. Affected endpoints include /rag/api/v1/reset, /rag/api/v1/reset/db, /api/v1/memories/reset, and /rag/api/v1/reset/uploads, impactin...

CVE-2025-26661

Due to missing authorization check, SAP NetWeaver ABAP Class Builder allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high...

Linux Distros Unpatched Vulnerability : CVE-2021-3477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed b...

Linux Distros Unpatched Vulnerability : CVE-2020-27765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavio...

Linux Distros Unpatched Vulnerability : CVE-2021-3598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an applicatio...