26 matches found
EUVD-2025-10357
Malicious code in bioql PyPI...
EUVD-2025-10360
Malicious code in bioql PyPI...
EUVD-2023-1310
Malicious code in bioql PyPI...
EUVD-2025-7679
Malicious code in bioql PyPI...
EUVD-2025-12645
Malicious code in bioql PyPI...
EUVD-2025-10359
Malicious code in bioql PyPI...
EUVD-2023-46787
Malicious code in bioql PyPI...
CVE-2025-20113
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HT...
CVE-2025-20164
CVE-2025-20164 affects Cisco IOS Software’s Industrial Ethernet Switch DM. The issue is insufficient authorization validation, allowing an authenticated, remote attacker with valid credentials (privilege level 5+; read-only DM users are level 5) to send a crafted HTTP request and escalate to priv...
CVE-2025-25962
An issue in Coresmartcontracts Uniswap v.3.0, fixed in v.4.0, allows a remote attacker to escalate privileges via the modifyPosition function...
CVE-2025-28399
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...
CVE-2025-28400
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method...
CVE-2025-28410
CVE-2025-28410 concerns RUoYi v4.8.0. Multiple sources (NVD, Red Hat, OSV, CIRCL, ENISA EUVD) describe a privilege-escalation flaw in the remote procedure cancelAuthUserAll, where the request is not properly validated for administrative privileges. This enables an attacker to escalate from a non-...
CVE-2025-28405
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method...
CVE-2024-57603
An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting...
Cross Site Scripting vulnerability in Snipe-IT
Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/user-id/files...
CVE-2024-33444
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component...
Design/Logic Flaw
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG...
CVE-2023-26462
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials usable for privilege escalation are stored in an insecure format. To read this stored data, the attacker needs access to the application server or its source code...
CVE-2022-41675
A remote attacker with general user privilege can inject malicious code into the form content of the Raiden MAILD Mail Server website. Other users who export the form content as a CSV file can trigger arbitrary code execution, allowing the attacker to perform arbitrary system operations or disrupt service on the...