256 matches found
EUVD-2025-2290
Malicious code in bioql PyPI...
EUVD-2022-27166
Malicious code in bioql PyPI...
EUVD-2024-40344
Malicious code in bioql PyPI...
EUVD-2022-51024
Malicious code in bioql PyPI...
EUVD-2023-40018
Malicious code in bioql PyPI...
EUVD-2022-41701
Malicious code in bioql PyPI...
EUVD-2022-50828
Malicious code in bioql PyPI...
EUVD-2022-4197
Malicious code in bioql PyPI...
EUVD-2021-28406
Malicious code in bioql PyPI...
CVE-2025-3770
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...
CVE-2025-22470
CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...
Advisory ROSA-SA-2025-2926
software: yelp 42.2; WASP: ROSA-CHROME; unaffected versions = yelp-42.2-2; affected versions yelp-42.2-2; CVE-ID: CVE-2025-3155; BDU-ID: 2025-03944; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Yelp help system is related to the inclusion of features from an invalid controlled scope when processing...
CVE-2025-8655
CVE-2025-8655 affects Kenwood DMX958XR devices, specifically the libSystemLib component. The vulnerability stems from improper validation of a user-supplied string during the firmware update process, which is used to invoke a system call. An attacker with physical access can exploit this to execu...
CVE-2025-54795 Claude Code echo command allowed bypass of user approval prompt for command execution
Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...
KLA86360 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Implementation vulnerability can be exploited to cause denial o...
CVE-2025-50706
An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function...
CVE-2025-53078
Samsung DMS (Data Management Server) is affected by CVE-2025-53078 due to deserialization of untrusted data, enabling attackers to execute arbitrary code by writing files to the system. Affected component is the Samsung DMS data management server; root cause is untrusted data deserialization that...
CVE-2025-53078
Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute arbitrary code via write file to system...
GHSA-9Q4R-X2HJ-JMVR copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
Summary: An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. Details: Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two way...
CVE-2025-54414
CVE-2025-54414 affects TecharoHQ Anubis Web AI Firewall Utility (versions 1.21.2 and earlier). The vulnerability arises from malicious pass-challenge pages that can cause a user to execute arbitrary JavaScript or trigger nonstandard URL schemes via the PassChallenge flow, specifically the route /...