319 matches found
CVE-2026-5337
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
Server-Side Request Forgery (SSRF)
Pydantic AI is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of URLs in the download functionality when processing untrusted message history, which allows an attacker to supply malicious URLs that force the server to make unauthorized requests to...
CVE-2022-31207
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...
[SECURITY] Fedora 43 Update: persepolis-5.1.1-6.fc43
Persepolis is a Download Manager written in Python. - Multi segment downloading - Scheduling downloads - Download queuing - Finding and downloading video from Youtube, Vimeo, DailyMotion,...
EUVD-2025-34676
GeoIP processor disables SSL certificate validation when downloading databases...
GeoIP processor disables SSL certificate validation when downloading databases
Impact: The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...
EUVD-2017-15957
Malware in sbrugna...
EUVD-2020-19094
Malware in sbrugna...
EUVD-2006-3321
Malware in sbrugna...
EUVD-2019-0233
Malware in sbrugna...
EUVD-2019-8793
Malware in sbrugna...
EUVD-2021-13882
Malware in sbrugna...
EUVD-2021-14022
Malware in sbrugna...
EUVD-2019-0334
Malware in sbrugna...
EUVD-2019-0222
Malware in sbrugna...
EUVD-2023-35495
Malicious code in bioql PyPI...
EUVD-2025-20485
Malicious code in bioql PyPI...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...