51 matches found

EUVD (added 2026/05/10 9:30 p.m., 9 views)

EUVD-2026-28999

Net::CIDR::Lite versions before 0.24 for Perl do not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

AI score: 5.8 | EPSS: 0.00064
Exploits: 0 | References: 4
Github Security Blog (added 2026/04/23 12:31 p.m., 5 views)

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00351
Exploits: 1 | References: 4 | Affected software: 1
Circl (added 2026/04/16 11:06 a.m., 0 views)

CVE-2026-40575

creation timestamp | type | source
--- | --- | ---
2026-04-16 11:06:42+00:00 | seen | https://ccb.belgium.be/advisories/warning-critical-authentication-bypass-oauth2-can-lead-unauthorized-data-access-patch
2026-04-22 01:19:23+00:00 | seen | Telegram/LUR06ONloRlViUIW27ojzHZG9BE33b4Dag-8VffcgXgN8
2026-04-22...

CVSS: 9.1 | AI score: 4.8 | EPSS: 0.00093
Exploits: 0 | References: 5
Snyk (added 2026/04/09 7:10 p.m., 4 views)

Incomplete List of Disallowed Inputs

Overview: unhead is a full-stack <head> manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function through the usage of the HtmlEntityHex and HtmlEntityDec RegExps. An attacker can inject malicious URIs into the...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00089
Exploits: 1 | References: 2
Vulnrichment (added 2026/04/09 5:54 p.m., 1 view)

CVE-2026-39315 Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()

Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for safely rendering user-supplied content. Internally, the hasDangerousProtocol function in packages/unhead/src/plugins/safe.ts decodes HTML...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00089
Exploits: 1 | References: 3
CVE (added 2026/04/09 5:54 p.m., 8 views)

CVE-2026-39315

Unhead (document head/template manager) contains a vulnerability in useHeadSafe() where hasDangerousProtocol() decodes HTML entities before blocked-scheme checks. The decoder uses two fixed-width regexes; HTML5 allows leading zeros in numeric character references, and when a padded entity exceeds...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00089
Exploits: 1 | References: 3 | Affected software: 1
HackRead (added 2026/04/07 3:55 p.m., 2 views)

GrafanaGhost Vulnerability Allows Data Theft via AI Injection

GrafanaGhost is a critical vulnerability in Grafana’s AI components that uses indirect prompt injection and protocol-relative URL bypasses to exfiltrate data...

AI score: 5.9
Exploits: 0
ATTACKERKB (added 2026/04/06 9:31 p.m., 3 views)

CVE-2026-35409

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery (SSRF) protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be...

CVSS: 7.7 | AI score: 5.8 | EPSS: 0.00014
Exploits: 0 | References: 2 | Affected software: 1
EUVD (added 2025/10/14 6:30 p.m., 0 views)

EUVD-2025-34417

Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally...

CVSS: 7 | AI score: 6.5 | EPSS: 0.00043
Exploits: 0 | References: 2
EUVD (added 2025/10/07 12:30 a.m., 3 views)

EUVD-2014-9527

Malware in sbrugna...

CVSS: 4.3 | AI score: 9.1 | EPSS: 0.00614
Exploits: 0 | References: 8
EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-2006-4560

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.0179
Exploits: 0 | References: 20
EUVD (added 2025/10/07 12:30 a.m., 4 views)

EUVD-2006-4969

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00445
Exploits: 0 | References: 4
CVE (added 2025/09/30 12:00 a.m., 14 views)

CVE-2025-56200

CVE-2025-56200: Validator.js contains a URL validation bypass through version 13.15.15. The isURL() function splits on '://', but browsers use ':'; this allows crafting URLs that bypass protocol/domain checks and may enable XSS or open redirects. Connected sources indicate a fix is available in ...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0005
Exploits: 1 | References: 4 | Affected software: 1
Tenable Nessus (added 2025/09/02 12:00 a.m., 1 view)

Linux Distros Unpatched Vulnerability : CVE-2025-2498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00019
Exploits: 0 | References: 2
Tenable Nessus (added 2025/08/30 12:00 a.m., 4 views)

Linux Distros Unpatched Vulnerability : CVE-2018-6794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends...

CVSS: 5.3 | AI score: 6.1 | EPSS: 0.37431
Exploits: 4 | References: 2
RedhatCVE (added 2025/08/15 5:30 p.m., 2 views)

CVE-2025-2498

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00019
Exploits: 0 | References: 1
Debian CVE (added 2025/08/13 5:27 p.m., 2 views)

CVE-2025-2498

Removed by vendor...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00019
Exploits: 0
OSV (added 2025/08/13 5:27 p.m., 1 view)

CVE-2025-2498 Insufficient Granularity of Access Control in GitLab

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions...

CVSS: 3.1 | AI score: 6.4 | EPSS: 0.00019
Exploits: 0 | References: 5
Cvelist (added 2025/04/27 12:00 a.m., 15 views)

CVE-2025-46673

NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security (SDLS) protocol...

CVSS: 4.9 | EPSS: 0.00318
Exploits: 1 | References: 5
Snyk (added 2025/04/10 3:09 a.m., 1 view)

Improper Validation of Specified Type of Input

Overview: org.webjars.npm:validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the isURL function, which does not take into account ':' as the delimiter in browsers. An attacker can bypass...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.0005
Exploits: 1 | References: 2