10 matches found
EUVD-2020-27320
Malware in sbrugna...
EUVD-2023-35293
Malicious code in bioql PyPI...
CVE-2025-38214
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var. If fb_add_videomode in fb_set_var fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomode_to_var, as the fb_info is registere...
CVE-2023-30955
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...
MGASA-2024-0120 Updated postgresql-jdbc packages fix security vulnerability
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
OPENSUSE-SU-2023:0396-1 Security update for opera
This update for opera fixes the following issues: - Update to 105.0.4970.34 DNA-112796 Import Import bookmarks and history don't work DNA-113147 Add strength setting for Lucid Mode DNA-113148 Update 'Lucid Mode' button on videos to enable / disable split preview DNA-113287 Add strength setting fo...
CVE-2023-30955 Foundry workspace-server Developer Mode Authorization Bypass
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...
CVE-2023-34750
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit...
Maintenance < 4.03 - Authenticated Stored XSS
The plugin does not sanitise or escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payload in them even when the unfiltered_html capability is disallowed, which will be triggered in the frontend. POST /wp-admin/admin.php?page=maintenance HTTP/1.1...
CVE-2018-14060
CVE-2018-14060 describes an OS command-injection in the AP mode settings feature of Xiaomi R3D devices (pre-2.26.4) via /cgi-bin/luci/api/misystem/set_router_wifiap, allowing an attacker to execute arbitrary commands through crafted JSON data. The affected component is the router firmware’s AP mo...