EUVD-2025-38157

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

EUVD-2025-37780

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled i.e. in the default configuration. NOTE: The vendor believes that this vulnerability only occurs when...

EUVD-2025-37830

EUVD-2025-37830...

EUVD-2025-37603

The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2025-37608

The Footnotes Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

EUVD-2025-37725

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app with root privileges may be able to access private information...

EUVD-2025-37699

The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. A website may exfiltrate image data cross-origin...

EUVD-2025-37722

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1, macOS Sequoia 15.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory...

EUVD-2025-37635

This issue was addressed with improved validation of symlinks. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may be able to break out of its sandbox...

EUVD-2025-35778

Not used...

EUVD-2025-32415

Not used...

EUVD-2025-29263

Malicious code in bioql PyPI...

EUVD-2025-32079

Malicious code in bioql PyPI...

EUVD-2025-32072

Malicious code in bioql PyPI...

EUVD-2025-32051

Malicious code in bioql PyPI...

CVE-2025-43802

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the externalReferenceCode parameter in the /o/c/ API endpoint. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input. Details Cross-site scripting or XSS is a code...

GHSA-VG6H-G5MR-9HGV Liferay Stored Cross-site Scripting vulnerability

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35 allows remote attackers to inject arbitrary web...

Liferay Stored Cross-site Scripting vulnerability

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35 allows remote attackers to inject arbitrary web...

CVE-2025-43802

Stored cross-site scripting XSS vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web...