158 matches found
EUVD-2025-10327
Malicious code in bioql PyPI...
EUVD-2023-32588
Malicious code in bioql PyPI...
EUVD-2025-12932
Malicious code in bioql PyPI...
EUVD-2024-36335
Malicious code in bioql PyPI...
EUVD-2023-47264
Malicious code in bioql PyPI...
EUVD-2024-26063
Malicious code in bioql PyPI...
EUVD-2023-44979
Malicious code in bioql PyPI...
EUVD-2024-15883
Malicious code in bioql PyPI...
CVE-2025-10429 SourceCodester Pet Grooming Management Software ajax_product.php sql injection
A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproduct.php. The manipulation of the argument dropservices results in sql injection. The attack can be launched remotely. The...
SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2025:03172-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03172-1 advisory. Security issues fixed: - CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the...
PT-2025-54576
Name of the Vulnerable Software and Affected Versions Google Chrome affected versions not specified Description A flaw exists in the Split View component of the Google Chrome browser related to errors in how information is presented in the user interface. Remote exploitation of this issue could...
August 26, 2025—KB5063842 (OS Build 19045.6282) Preview
August 26, 2025—KB5063842 OS Build 19045.6282 Preview Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for...
AlmaLinux 8 : kernel (ALSA-2025:13960)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:13960 advisory. kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: netsched: ets: Fix double list add in class with netem as child...
Linux Distros Unpatched Vulnerability : CVE-2022-49965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/pm: add missing -finixxxx interfaces for some SMU13 asics Without these, potential memory leak may be induced. CVE-2022-49965 Note that Nessus relies on...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...
CVE-2025-34079
An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface default port 8443, inject arbitrary commands as externa...
PT-2025-27534 · Avtech · Avtech Dvr +2
Name of the Vulnerable Software and Affected Versions: AVTECH IP camera, DVR, and NVR devices affected versions not specified Description: A cross-site request forgery CSRF issue exists in the web interface of the devices. An attacker can craft malicious requests that, when executed in the contex...
CVE-2025-52926
In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...
CVE-2025-52926
CVE-2025-52926 affects spytrap-adb prior to v0.3.5. The issue is an omission in the scan.rs UI where matches for known stalkerware are not rendered in the interactive user interface, reducing visibility of detected stalkerware within affected builds. The CVSS 3.1 base score is 2.7 (LOW) with LOCA...
CVE-2025-6050
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...