
46 matches found

EUVD
added 2026/01/23 2:28 p.m., 2 views

EUVD-2026-4394

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS. This issue affects Nova Blocks: from n/a through <= 2.1.9...

AI score: 5.4 | EPSS: 0.00064
Exploits: 0 | References: 2
EUVD
added 2026/01/23 3:28 a.m., 4 views

EUVD-2026-4475

Langflow evalcustomcomponentcode Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.01659
Exploits: 1 | References: 3
EUVD
added 2026/01/13 6:25 p.m., 4 views

EUVD-2026-2063

Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute unauthorized code...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00074
Exploits: 0 | References: 2
EUVD
added 2026/01/07 6:36 a.m., 2 views

EUVD-2026-1237

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...

CVSS: 8.2 | AI score: 5.6 | EPSS: 0.0029
Exploits: 0 | References: 4
EUVD
added 2026/01/02 6:30 p.m., 2 views

EUVD-2026-0077

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score: 5.5
Exploits: 0 | References: 1
EUVD
added 2026/01/02 6:30 p.m., 2 views

EUVD-2026-0137

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score: 5.5
Exploits: 0 | References: 1
EUVD
added 2026/01/02 6:30 p.m., 4 views

EUVD-2026-0233

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score: 5.5
Exploits: 0 | References: 1
EUVD
added 2026/01/02 6:30 p.m., 3 views

EUVD-2026-0397

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score: 5.5
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-18470

Malicious code in bioql PyPI...

AI score: 6.6
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-14207

Malicious code in bioql PyPI...

AI score: 6.6
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-32053

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00009
Exploits: 0 | References: 3
Packet Storm News
added 2025/07/23 12:0 a.m., 3 views

Development of a Standardized Testing Environment for QRNGs Based on Semiconductor Laser Phase Noise

Quantum random number generators (QRNGs) based on semiconductor laser phase noise are an inexpensive and efficient resource for true random numbers. Commercially available technology allows for designing QRNG setups tailored to specific use cases. However, it is important to constantly monitor...

AI score: 6.9
Exploits: 0
OSV
added 2024/11/05 1:6 p.m., 11 views

CGA-H39V-79WR-W67F

Bulletin has no description...

CVSS: 3.1 | AI score: 4.6 | EPSS: 0.0006
Exploits: 0
Tenable Nessus
added 2024/04/11 12:0 a.m., 16 views

SAP NetWeaver AS Java Information Disclosure (April 2024)

SAP NetWeaver Application Server for Java is affected by an information disclosure vulnerability. 'Self-Registration' and 'Modify your own profile' in the User Admin Application of NetWeaver AS Java do not enforce proper security requirements for the content of the newly defined security answer. Th...

CVSS: 8.8 | AI score: 5.5 | EPSS: 0.0012
Exploits: 0 | References: 3
CVE
added 2024/04/09 12:54 a.m., 45 views

CVE-2024-27899

CVE-2024-27899 affects SAP NetWeaver AS Java, specifically the User Admin Application’s Self-Registration and profile modification function, which does not enforce proper security for the content of newly defined security answers. Root cause is a misconfiguration/weak security controls in user ma...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.0012
Exploits: 0 | References: 2
Prion
added 2023/10/16 9:15 a.m., 18 views

Design/Logic Flaw

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result function is not used, the certificate is always trusted and it cannot be ensured that the certificate satisfies all necessary securit...

CVSS: 6.4 | AI score: 9.1 | EPSS: 0.00247
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/10/16 8:10 a.m., 11 views

CVE-2023-5422 SSL Certificates are not checked for E-Mail Handling

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result function is not used, the certificate is always trusted and it cannot be ensured that the certificate satisfies all necessary securit...

CVSS: 8.7 | AI score: 7 | EPSS: 0.00247
Exploits: 0 | References: 1
OSV
added 2023/01/11 7:42 p.m., 23 views

CVE-2023-22492 RefreshToken invalidation vulnerability

ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.0028
Exploits: 0 | References: 5
OSV
added 2023/01/11 6:27 p.m., 28 views

GHSA-6RRR-78XP-5JP8 Zitadel RefreshToken invalidation vulnerability

Impact: RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtai...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.0028
Exploits: 0 | References: 7
Github Security Blog
added 2023/01/11 6:27 p.m., 43 views

Zitadel RefreshToken invalidation vulnerability

Impact: RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtai...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.0028
Exploits: 0 | References: 7 | Affected Software: 1