65 matches found

RedhatCVE
added 2026/05/27 10:33 a.m. | 3 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS 4.2 | AI score 5.8 | EPSS 0.00086
Exploits 0 | References 3

Snyk
added 2025/10/28 3:4 p.m. | 3 views

Missing Critical Step in Authentication

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the WebAuthn Attestation Statement verification. An attacker can...

CVSS 3.1 | AI score 5.6 | EPSS 0.00014
Exploits 0 | References 3

Positive Technologies
added 2025/10/27 12:0 a.m. | 2 views

PT-2025-43926

Name of the Vulnerable Software and Affected Versions: versions prior to 2025. Description: An attacker manipulating the C++ CLI client can cause the UpdateService to crash during file transfers, leading to disruptions in updates and availability. Recommendations: At the moment, there is no informati...

CVSS 7.5 | AI score 6.3 | EPSS 0.00078
Exploits 0 | References 11

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-16105

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00155
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-21943

Malware in sbrugna...

CVSS 4.3 | AI score 4.8 | EPSS 0.004
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-15681

Malware in sbrugna...

CVSS 9.9 | AI score 9.2 | EPSS 0.00381
Exploits 2 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-3612

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00376
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-28831

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00794
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-7559

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00103
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-6824

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 8.3 | EPSS 0.00283
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-8239

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.00151
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-39075

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00179
Exploits 0 | References 1

NVD
added 2025/08/04 9:15 p.m. | 3 views

CVE-2025-50341

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation...

CVSS 9.8 | EPSS 0.00369
Exploits 0 | References 2

NVD
added 2025/06/10 3:15 p.m. | 6 views

CVE-2025-26394

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...

CVSS 4.8 | EPSS 0.00028
Exploits 0 | References 2

OSV
added 2025/05/30 6:30 a.m. | 1 views

CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

CVSS 8.1 | AI score 7.2 | EPSS 0.00186
Exploits 0 | References 4

RedhatCVE
added 2025/05/22 1:11 p.m. | 5 views

CVE-2018-18689

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected...

CVSS 5.3 | AI score 6.4 | EPSS 0.00007
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 8:41 a.m. | 3 views

CVE-2019-19666

A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html...

CVSS 4.3 | AI score 7 | EPSS 0.00161
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:54 a.m. | 6 views

CVE-2019-19669

A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html...

CVSS 6.5 | AI score 7 | EPSS 0.00161
Exploits 0 | References 1

RedhatCVE
added 2025/05/21 9:11 p.m. | 5 views

CVE-2007-5025

Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user."...

CVSS 9.3 | AI score 6.8 | EPSS 0.00303
Exploits 0 | References 1

Veracode
added 2025/04/10 7:26 a.m. | 12 views

Object Injection

drupal/core is vulnerable to Object Injection. The vulnerability is due to improperly controlled modification of dynamically-determined object attributes, which allows attackers to inject and manipulate objects within the application...

CVSS 7.5 | AI score 7.1 | EPSS 0.00314
Exploits 0 | References 3 | Affected Software 1