47 matches found

EUVD
added 2026/02/25 9:31 p.m., 7 views

EUVD-2026-8719

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox. ServiceNow addressed this vulnerability by deploying...

CVSS 9.2, AI score 6.6, EPSS 0.00489
Exploits 0, References 2

Cvelist
added 2026/02/25 8:35 p.m., 19 views

CVE-2026-0542 Remote Code Execution in ServiceNow AI Platform

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox. ServiceNow addressed this vulnerability by deploying...

CVSS 9.2, EPSS 0.00489
Exploits 0, References 1

CVE
added 2026/01/12 9:29 p.m., 27 views

CVE-2025-12420

ServiceNow CVE-2025-12420 affects the ServiceNow AI Platform, with Now Assist AI Agents and Virtual Agent API components harboring an authentication/authorization flaw that allows an unauthenticated attacker to impersonate any user. Root cause centers on broken access controls and a shared provid...

CVSS 10, AI score 6.6, EPSS 0.1737
Exploits 0, References 1, Affected Software 2

RedhatCVE
added 2025/10/11 1:23 a.m., 6 views

CVE-2025-11449

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVSS 5.3, AI score 6.7, EPSS 0.00323
Exploits 0, References 1

CVE
added 2025/10/10 1:9 a.m., 15 views

CVE-2025-11450

CVE-2025-11450 describes a reflected cross-site scripting vulnerability in the ServiceNow AI Platform. The issue could allow arbitrary code execution in the browser of a ServiceNow user who clicks a crafted link. ServiceNow has deployed security updates to the majority of hosted instances and pro...

CVSS 5.3, AI score 6.4, EPSS 0.00323
Exploits 0, References 1

Positive Technologies
added 2025/10/10 12:0 a.m., 2 views

PT-2025-41499

Name of the Vulnerable Software and Affected Versions: ServiceNow, affected versions not specified. Description: A reflected cross-site scripting issue exists in the ServiceNow AI Platform. Successful exploitation could allow for the execution of arbitrary code within the browsers of ServiceNow users...

CVSS 5.3, AI score 6.4, EPSS 0.00323
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-49476

Malicious code in bioql PyPI...

CVSS 8.9, AI score 6.6, EPSS 0.00189
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-42882

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.2, EPSS 0.00743
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-42937

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6, EPSS 0.00585
Exploits 0, References 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-49486

Malicious code in bioql PyPI...

CVSS 10, AI score 6.6, EPSS 0.01107
Exploits 0, References 1

RedhatCVE
added 2025/07/02 5:24 p.m., 6 views

CVE-2025-52898

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users...

CVSS 8.8, AI score 7.2, EPSS 0.00388
Exploits 0, References 1

NVD
added 2025/06/30 6:15 p.m., 5 views

CVE-2025-52898

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users...

CVSS 8.8, EPSS 0.00388
Exploits 0, References 4

Vulnrichment
added 2025/06/30 5:19 p.m., 4 views

CVE-2025-52898 Frappe account takeover via password reset token leakage

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users...

CVSS 8.7, AI score 6.6, EPSS 0.00388
Exploits 0, References 4

Positive Technologies
added 2025/06/30 12:0 a.m., 4 views

PT-2025-27461 · Frappe · Frappe

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 14.94.3; Frappe versions prior to 15.58.0. Description: A carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This issue can only be exploited on self-hosted...

CVSS 8.8, AI score 7.3, EPSS 0.00388
Exploits 0, References 10

RedhatCVE
added 2025/05/23 10:43 a.m., 5 views

CVE-2024-8912

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: Looker Google Cloud core was found to be vulnerable. This issue has already been mitigated and our...

CVSS 8.9, AI score 6.8, EPSS 0.00189
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:8 p.m., 4 views

CVE-2022-3513

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to...

CVSS 6.1, AI score 5.8, EPSS 0.00743
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:7 p.m., 3 views

CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

CVSS 5.4, AI score 7, EPSS 0.00585
Exploits 0, References 1

CVE
added 2025/03/28 2:47 p.m., 97 views

CVE-2025-30371

CVE-2025-30371 affects Metabase (self-hosted) prior to versions v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. The issue is a circumvention of local link access protection in the GeoJson endpoint, potentially impacting deployments where Metabase is colocated with other unsecured resources. Remedia...

CVSS 2.1, AI score 6.8, EPSS 0.00367
Exploits 0, References 1

FreeBSD
added 2024/11/13 12:0 a.m., 17 views

Gitlab -- vulnerabilities

Gitlab reports: Unauthorized access to Kubernetes cluster agent; Device OAuth flow allows for cross window forgery; Denial of Service by importing malicious crafted FogBugz import payload; Stored XSS through javascript URL in Analytics dashboards; HTML injection in vulnerability Code flow could lead ...

CVSS 8.8, AI score 6.3, EPSS 0.00543
Exploits 0, References 1

OSV
added 2024/10/29 5:15 p.m., 2 views

CVE-2024-8924

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners...

CVSS 7.5, AI score 5.8, EPSS 0.00509
Exploits 0, References 1