185 matches found
CVE-2025-14460
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...
CVE-2025-3652
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with...
Petlibro Smart Pet Feeder Platform security vulnerability
Petlibro Smart Pet Feeder Platform is a smart pet management system from Petlibro. A security vulnerability exists in Petlibro Smart Pet Feeder Platform version 1.7.31 and earlier, which stems from a sequential audio ID and an insecurely assigned endpoint that could lead to unauthorized access to...
CVE-2025-66546
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
EUVD-2025-201445
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
Calendar app allowed booking appointments without the generated token
None...
PT-2025-49289
Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.19 Nextcloud Calendar versions prior to 5.5.6 Nextcloud Calendar versions prior to 6.0.1 Description The Nextcloud Calendar application contained a flaw where appointments could be booked without knowin...
Inside Track encryption issue vulnerability
Inside Track is a horse racing betting engine by the individual developer Lumina Mescuwa. Inside Track suffers from an encryption issue vulnerability that stems from the VDF encryption system not enforcing a sequential delay, which could lead to immediate decryption...
PT-2025-44426
Name of the Vulnerable Software and Affected Versions mCarFix Motorists App version 2.3 Description The mCarFix Motorists App has improper access control issues. An attacker can bypass verification to create accounts and, by manipulating sequential numeric IDs, gain unauthorized access to user da...
EUVD-2022-54529
In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAP_UNWRITTEN, which will prevent an IO, but the iomap...
EUVD-2019-0109
Malware in sbrugna...
EUVD-2020-12731
Malware in sbrugna...
EUVD-2008-4084
Malware in sbrugna...
EUVD-2024-19713
Malicious code in bioql PyPI...
EUVD-2023-51785
Malicious code in bioql PyPI...
EUVD-2025-9789
Malicious code in bioql PyPI...
EUVD-2025-23993
Malicious code in bioql PyPI...