82 matches found
CVE-2026-38587
CVE-2026-38587 is an Insecure Direct Object Reference (IDOR) impacting ONLYOFFICE DocSpace prior to 3.2.1. The flaw exists across multiple REST API endpoints and allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information such as the Owner’s ID and prof...
PT-2026-43264
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique...
CVE-2026-37981
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) resource, to enumerate and harvest personally identifiable information (PII) for all realm users. By...
CVE-2025-69752
An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...
CVE-2025-48555
In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2020-5422
Malware in sbrugna...
EUVD-2017-3859
Malware in sbrugna...
EUVD-2021-1392
Malware in sbrugna...
EUVD-2025-17045
Malicious code in bioql PyPI...
EUVD-2022-24584
Malicious code in bioql PyPI...
EUVD-2023-42077
Malicious code in bioql PyPI...
CVE-2025-8368
creationtimestamp| type| source
---|---|---
2025-07-31 07:52:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvanptdwil2p...
GHSA-GQ52-6PHF-X2R6
creationtimestamp| type| source
---|---|---
2025-07-26 02:35:24+00:00| seen| https://bsky.app/profile/azu.bsky.social/post/3lutjom5oa52b...
GHSA-RM8P-CX58-HCVX
creationtimestamp| type| source
---|---|---
2025-07-24 12:00:52+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3lupidus46d2k
2025-07-25 12:00:52+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3luryssiohm2k...
CVE-2025-7655
creationtimestamp| type| source
---|---|---
2025-07-19 06:20:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lucczgnfvf2j...
CVE-2025-5800
creationtimestamp| type| source
---|---|---
2025-07-18 08:58:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lua3eaibq72w...
CVE-2025-4694
creationtimestamp| type| source
---|---|---
2025-07-06 01:11:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltb3njyq5y2l...
CVE-2025-1754
creationtimestamp| type| source
---|---|---
2025-06-26 05:49:26+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19572
2025-06-26 10:27:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsiw3om6z325...
CVE-2025-5714
CVE-2025-5714 affects SoluçõesCoop iSoluçõesWEB up to 20250516, specifically the Profile Information Update component. The vulnerability lies in the /sys/up.upload.php file where manipulating the nomeArquivo argument enables a path traversal, potentially exploitable remotely. Several sources (NVD...
CVE-2025-5714 SoluçõesCoop iSoluçõesWEB Profile Information Update up.upload.php path traversal
A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possib...