5 matches found
EUVD-2026-5360
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...
EUVD-2025-5466
Malicious code in bioql PyPI...
CVE-2025-1691
The MongoDB Shell may be susceptible to control character injection, where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
CVE-2025-1691
CVE-2025-1691 affects the MongoDB Shell (mongosh) before version 2.3.9. The issue is a control-character injection vulnerability triggered via the autocomplete feature: an attacker who controls mongosh autocomplete can craft obfuscated input that is entered by the user's tab completion, leading to malicious text e...
CVE-2012-0800
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on...