36 matches found
EUVD-2025-201459
TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...
EUVD-2021-14854
Malware in sbrugna...
EUVD-2018-11612
Malware in sbrugna...
EUVD-2019-4676
Malware in sbrugna...
EUVD-2016-1709
Malware in sbrugna...
EUVD-2019-10279
Malware in sbrugna...
EUVD-2024-36074
Malicious code in bioql PyPI...
EUVD-2022-41753
Malicious code in bioql PyPI...
EUVD-2022-0326
Malicious code in bioql PyPI...
EUVD-2023-57456
Malicious code in bioql PyPI...
EUVD-2022-48997
Malicious code in bioql PyPI...
EUVD-2024-1379
Malicious code in bioql PyPI...
EUVD-2024-37895
Malicious code in bioql PyPI...
CVE-2025-54124 XWiki Platform: Any user with editing rights can access password properties through Database List Properties
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can creat...
CVE-2025-53113
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...
CVE-2025-27613 Gitk can create and truncate files in the user's home directory
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...
CVE-2025-29877 File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...
CVE-2025-49009 Para Inserts Sensitive Information into Log File for Facebook authentication
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...
CVE-2023-48302
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup Ctrl+Shift+V the...
CVE-2019-19394
Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0...