12 matches found
EUVD-2026-31916
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
CVE-2025-54854 BIG-IP APM Vulnerability
When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
EUVD-2020-25746
Malware in sbrugna...
EUVD-2024-0822
Malicious code in bioql PyPI...
EUVD-2022-34418
Malicious code in bioql PyPI...
EUVD-2024-2206
Malicious code in bioql PyPI...
CVE-2024-39460
Summary: CVE-2024-39460 affects Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier. In certain cases it prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log, exposing credentials. The OSV entry notes that plugin 887.va_d359b_3d2d8d does not inclu...
CVE-2024-39460
Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases...
Maliciously Crafted Cracked Software Propagates Lumma Stealer via YouTube
Summary: In an attempt to deceive users into downloading the information-stealing virus Lumma, threat actors are exploiting YouTube videos featuring content related to cracked software. These videos typically include content related to the use of cracked software, accompanied by identical...
GitLab CE/EE Information Disclosure Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE, which...
GitLab -- Multiple Vulnerabilities
GitLab reports: Stealing GitLab OAuth access tokens using XSLeaks in Safari; Denial of service through recursive triggered pipelines; Unauthenticated CI lint API may lead to information disclosure and SSRF; Server-side DoS through rendering crafted Markdown documents; Issue and merge request length...
PT-2021-15710 · WordPress · Ninja Forms Contact Form
Name of the Vulnerable Software and Affected Versions: Ninja Forms Contact Form WordPress plugin versions prior to 3.4.34.1. Description: The issue allows low-level users, such as subscribers, to trigger the wp_ajax_nf_oauth action and retrieve the connection URL needed to establish a connection...