Malicious code in @cloudplatform-single-spa/svp-tags (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
PT-2026-1071
Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.6.3195 build 20250715 QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715 Description A flaw exists where resources can be allocated without limits or throttling. If an attacker obtains a user account, they ma...
EUVD-2020-7625
Malware in sbrugna...
EUVD-2022-41589
Malicious code in bioql PyPI...
EUVD-2022-15604
Malicious code in bioql PyPI...
EUVD-2022-41584
Malicious code in bioql PyPI...
EUVD-2021-9341
Malicious code in bioql PyPI...
EUVD-2022-27270
Malicious code in bioql PyPI...
CVE-2025-29900
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
CVE-2025-36027
CVE-2025-36027 affects IBM Datacap 9.1.7–9.1.9. Description and Red Hat/IBM bulletin confirm a clickjacking issue where a remote attacker could exploit a malicious site to hijack the victim’s click actions (CWE-1021). Impact is UI interaction manipulation with potential for follow-on attacks; CVS...
CVE-2025-3091
A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password...
CVE-2018-25090
An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact on confidentiality and integrity but no impact on availability...
SicommNet multiple vulnerabilities
RISK EVALUATION SicommNET BASEC is an online eProcurement solution used by governments and other entities. Multiple vulnerabilities have been found in BASEC. These vulnerabilities allow a remote, unauthenticated attacker to gain administrative privileges, read user passwords, and obtain...
CVE-2024-7036
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, ...
CVE-2025-26523 Insufficient Authorization Vulnerability in RupeeWeb trading platform
This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other...
Unauthorized Access Vulnerability in KingH5Stream of Beijing Asian Control Technology Development Co. Ltd (CNVD-2024-33960)
Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform, focusing on independent research and development, marketing and service of domestic industrial software. There is an unauthorized access vulnerability i...
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6024-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6024-1 advisory. It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker...
Host Header Injection
remdex/livehelperchat is vulnerable to host header injection. The library does not properly validate the URL for password reset which allows a malicious attacker to generate a fake password link and take over the user account...
CVE-2022-0304
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...
OMERO.server information disclosure vulnerability (CNVD-2021-20273)
OMERO.server is an image server from the Open Microscopy Environment team. A security vulnerability exists in OMERO.server versions prior to 5.6.1. An attacker could exploit this vulnerability to obtain per-user details...