EUVD-2025-0070

Malicious code in bioql PyPI...

EUVD-2025-23992

Malicious code in bioql PyPI...

CVE-2025-46414

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...

CVE-2025-46414

CVE-2025-46414 affects EG4 Electronics EG4 Inverters. The vulnerability is an unlimited number of PIN-entry attempts for a registered product, enabling brute-force access if an attacker has a valid device serial number. The API provides clear feedback on correct PINs. A server-side patch was issu...

CVE-2024-48919

Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...

CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...

CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K

Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...

CVE-2024-38368

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

CVE-2024-38367

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of...

CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

CVE-2024-38367

CVE-2024-38367 concerns the CocoaPods trunk authentication server (trunk.cocoapods.org). The underlaying issue was a vulnerability in the trunk sessions verification step that could be manipulated to hijack the owner’s session, potentially yielding a full takeover of the CocoaPods trunk account. ...

CVE-2024-38367 CoacoaPods trunk sessions verification step could be manipulated for owner session hijacking

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of...

CVE-2024-38366 CoacoaPods trunk RCE in email verification system rfc-822

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX...