124 matches found
EUVD-2026-36788
Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
CVE-2026-50890
Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
PT-2026-49331
Name of the Vulnerable Software and Affected Versions: grocy version 4.6.0
Description: SQL injection occurs at the '/stockreports/spendings' endpoint through the product-group parameter. This allows attackers to access sensitive database information by using a crafted SQL statement. SQL injection ...
CVE-2026-50890
Bernd Bestel grocy v4.6.0 is affected by a SQL injection in the product-group parameter at /stockreports/spendings. The issue allows extracting sensitive database information via a crafted SQL statement. Environment references this vulnerability across multiple sources (NVD, ENISA EUVD, CVE recor...
EUVD-2020-18140
Malware in sbrugna...
EUVD-2020-7265
Malware in sbrugna...
EUVD-2023-52277
Malicious code in bioql PyPI...
EUVD-2024-52733
Malicious code in bioql PyPI...
EUVD-2024-52734
Malicious code in bioql PyPI...
EUVD-2023-52895
Malicious code in bioql PyPI...
EUVD-2023-52279
Malicious code in bioql PyPI...
EUVD-2024-49128
Malicious code in bioql PyPI...
EUVD-2023-52278
Malicious code in bioql PyPI...
EUVD-2023-52280
Malicious code in bioql PyPI...
EUVD-2024-52732
Malicious code in bioql PyPI...
CVE-2024-8370
A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument forceserveas with the input picture' leads to cross site scripting. T...
CVE-2024-55075
Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes...
CVE-2023-48866
A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shoppinglists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...