Lucene search
72 matches found

NVD
added 2026/05/14 5:16 p.m. | 6 views

CVE-2026-45448

CWE-601 URL redirection to untrusted site 'open redirect'...

CVSS 4.3 | EPSS 0.00031
Exploits: 0 | References: 1

NVD
added 2026/05/12 9:16 p.m. | 6 views

CVE-2026-44224

Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without...

CVSS 8.8 | EPSS 0.00052
Exploits: 1 | References: 1

Cvelist
added 2026/01/14 4:32 p.m. | 19 views

CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVSS 6.1 | EPSS 0.00011
Exploits: 0 | References: 5

Cvelist
added 2026/01/12 8:15 a.m. | 21 views

CVE-2025-14279 DNS Rebinding Vulnerability in mlflow/mlflow

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

CVSS 8.1 | EPSS 0.0004
Exploits: 1 | References: 2

RedhatCVE
added 2026/01/09 10:42 a.m. | 6 views

CVE-2022-26595

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI...

CVSS 4.3 | AI score 6.4 | EPSS 0.00112
Exploits: 0 | References: 1

Veracode
added 2025/10/27 10:2 a.m. | 1 views

Improper Access Control

Liferay Portal is vulnerable to Improper Access Control. The vulnerability is due to the default membership type being set to “Open” due to newly created sites allowing any registered user to become a member, enabling remote attackers who join the site to view, add, or edit content...

CVSS 5.4 | AI score 6.7 | EPSS 0.00087
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-17736

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00134
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-4843

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00183
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-22489

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.00259
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-44452

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00228
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-24902

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.0018
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-59177

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9 | EPSS 0.07752
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-41230

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 5.8 | EPSS 0.00132
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-52786

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 9.2 | EPSS 0.00114
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/23 2:26 p.m. | 5 views

CVE-2025-36116 IBM Db2 Mirror for i cross-site websocket hijacking

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that th...

CVSS 6.3 | AI score 6.2 | EPSS 0.0012
Exploits: 0 | References: 1

PyPA
added 2025/03/03 5:15 p.m. | 8 views

PYSEC-2025-25

Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allowcredentia...

CVSS 8.7 | AI score 6.7 | EPSS 0.00042
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/02/05 3:42 a.m. | 7 views

CVE-2024-45051

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

CVSS 8.2 | AI score 6.9 | EPSS 0.00114
Exploits: 0 | References: 1

CVE
added 2024/12/05 2:42 a.m. | 55 views

CVE-2024-54014

CVE-2024-54014 affects the Skylark App for Android (≤ 6.2.13) and iOS (≤ 6.2.13). The issue is an improper authorization in the handler for the app’s Custom URL Scheme, which could cause the app to load an arbitrary web site via another application on the device. According to the sources, the vul...

CVSS 3.6 | AI score 6.6 | EPSS 0.0005
Exploits: 0 | References: 3

Vulnrichment
added 2024/12/05 2:42 a.m. | 10 views

CVE-2024-54014

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user's device...

CVSS 3.6 | AI score 6.8 | EPSS 0.0005
Exploits: 0 | References: 3

Cvelist
added 2024/12/05 2:42 a.m. | 14 views

CVE-2024-54014

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user's device...

CVSS 3.6 | EPSS 0.0005
Exploits: 0 | References: 3