94 matches found
CVE-2025-71212
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
CVE-2026-21853
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...
GO-2026-4447 OpenCloud Affected by Public Link Exploit in github.com/opencloud-eu/opencloud
OpenCloud Affected by Public Link Exploit in github.com/opencloud-eu/opencloud. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, plea...
GO-2026-4444 OpenCloud Reva has a Public Link Exploit in github.com/opencloud-eu/reva
OpenCloud Reva has a Public Link Exploit in github.com/opencloud-eu/reva...
OpenCloud Affected by Public Link Exploit
Impact: A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches: Update to OpenClo...
GHSA-VF5J-R2HW-2HRW OpenCloud Affected by Public Link Exploit
Impact: A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches: Update to OpenClo...
CVE-2025-65516
Summary: CVE-2025-65516 is a stored XSS affecting Seafile Community Edition before 13.0.12 when using the Golang file server. An attacker can upload a crafted SVG containing malicious JavaScript and share it via a public link; opening that link triggers script execution in the victim’s browser. A...
CVE-2024-45161
CVE-2024-45161 describes a CSRF vulnerability in the administrative web GUI of Blu-Castle BCUM221E running version 1.0.0P220507. The issue can be triggered via a crafted URL, image load, or XMLHttpRequest, potentially leading to exposure of data or unintended code execution. The CVE notes a netwo...
CVE-2025-60500
QDocs Smart School Management System 7.1 contains a logic flaw in the media upload feature that lets authenticated users with roles such as accountant or admin bypass file type restrictions by abusing the alternate YouTube URL option. This enables uploading arbitrary PHP files that are stored in ...
EUVD-2025-34193
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4, enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...
EUVD-2019-4878
Malware in sbrugna...
EUVD-1999-0713
Malware in sbrugna...
EUVD-2007-1789
Malware in sbrugna...
EUVD-2005-0343
Malware in sbrugna...
EUVD-2020-24861
Malware in sbrugna...
EUVD-2020-20857
Malware in sbrugna...
EUVD-2024-54474
Malicious code in bioql PyPI...
EUVD-2023-29962
Malicious code in bioql PyPI...
EUVD-2023-38364
Malicious code in bioql PyPI...
EUVD-2024-18120
Malicious code in bioql PyPI...