7 matches found
EUVD-2025-15223
Malicious code in bioql PyPI...
Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say
Researchers reveal how guest accounts with billing roles can create Azure subscriptions inside external tenants, gaining unexpected Owner access and opening hidden privilege risks...
CVE-2022-4760
The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
CVE-2019-19362
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. The vendor states that it was later fixed. Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history but does not exit the...
CVE-2025-0718 Nested Pages < 3.2.13 - Contributor+ Stored XSS
The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
PT-2023-17620 · Unknown · Keyinstall
Name of the Vulnerable Software and Affected Versions: keyinstall (affected versions not specified). Description: The issue is related to a possible out of bounds write due to an integer overflow in keyinstall. This could lead to local escalation of privilege with System execution privileges needed...
Updated postgresql packages fix multiple security vulnerabilities
Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...