CVE-2019-16461
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...
EUVD-2017-9976
Malware in sbrugna...
EUVD-2017-17914
Malware in sbrugna...
EUVD-2024-43832
Malicious code in bioql PyPI...
EUVD-2023-39101
Malicious code in bioql PyPI...
EUVD-2025-11785
Malicious code in bioql PyPI...
EUVD-2023-38225
Malicious code in bioql PyPI...
CVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
BIT-GITLAB-2025-5121 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
CVE-2025-47619 WordPress 6Storage Rentals plugin <= 2.20.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through <= 2.20.2...
CVE-2024-13930 Authenticated Unchecked Loop Condition
An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...
PT-2025-21994 · Unknown · Rootspersona
Name of the Vulnerable Software and Affected Versions: Rootspersona versions 3.7.5 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user. This issue may be exploited by an attacker to perform action...
CVE-2025-4641
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files...
CVE-2025-46436
Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library scss-library allows Cross Site Request Forgery. This issue affects SCSS-Library: from n/a through <= 0.4.1...
PT-2025-18079 · Dell · Dell Powerprotect Data Manager Reporting
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Manager Reporting versions 19.16 through 19.18. Description: The issue is related to an Improper Neutralization of Special Elements Used in a Template Engine. A high privileged attacker with local access could potentiall...
CVE-2025-3522
Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...
CVE-2024-13177 Symlink Following in Netskope Client Postinstall Script
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system...
CVE-2025-31789
Missing Authorization vulnerability in Matat Technologies TextMe SMS textme-sms-integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TextMe SMS: from n/a through <= 1.9.1...
Malformed MongoDB wire protocol messages may cause mongos to crash
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to...
MongoDB Server may crash due to improper validation of explain command
When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Serve...