572 matches found
EUVD-2022-26886
Malicious code in bioql PyPI...
EUVD-2024-29934
Malicious code in bioql PyPI...
EUVD-2022-33224
Malicious code in bioql PyPI...
EUVD-2023-58352
Malicious code in bioql PyPI...
EUVD-2024-1003
Malicious code in bioql PyPI...
EUVD-2024-0938
Malicious code in bioql PyPI...
EUVD-2022-7073
Malicious code in bioql PyPI...
EUVD-2024-0949
Malicious code in bioql PyPI...
EUVD-2023-0864
Malicious code in bioql PyPI...
EUVD-2023-38206
Malicious code in bioql PyPI...
EUVD-2024-3289
Malicious code in bioql PyPI...
PT-2025-40541
Name of the Vulnerable Software and Affected Versions: Cursor versions 1.7 and below. Description: Cursor, a code editor for programming with AI, has an issue where automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override global...
PT-2025-40534
🚨 CVE-2024-41886: Team ENVY, a security research team, has found a flaw that allows for remote code execution on the NVR. An attacker could inject malformed data into URL input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw; please refer to the...
go-f3 Vulnerable to Cached Justification Verification Bypass
Description: A vulnerability exists in go-f3's justification verification caching mechanism where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by: 1. First submitting a valid message with a correct...
CVE-2025-5914 affecting package libarchive for versions less than 3.7.7-3
CVE-2025-5914 affecting package libarchive for versions less than 3.7.7-3. A patched version of the package is available...
CVE-2025-58754
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
CVE-2025-58450
pREST (PostgreSQL REST) is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a...
CVE-2025-59052
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum ...
CVE-2025-58451 Cattown Vulnerable to Inefficient Regular Expression Complexity and Uncontrolled Resource Consumption
Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to excessive backtracking on crafted inputs. In turn, the excessive CPU usage could lead to resource...