Lucene search
+L

38 matches found

EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44969

The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...

5.3CVSS6.1AI score0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:32 p.m.35 views

CVE-2026-48720 Warp: SSH remote output can lead to local file overwrite and persistence

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is...

8.8CVSS0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/05 6:3 p.m.7 views

EUVD-2025-201459

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

8.9CVSS6.6AI score0.00445EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-1709

Malware in sbrugna...

8.1CVSS8.2AI score0.01112EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-4676

Malware in sbrugna...

9.8CVSS9.2AI score0.01837EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-11612

Malware in sbrugna...

7.5CVSS7.5AI score0.00658EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-10279

Malware in sbrugna...

6.5CVSS6.6AI score0.00685EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-14854

Malware in sbrugna...

7.5CVSS7.4AI score0.02273EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-0326

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00716EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-41753

Malicious code in bioql PyPI...

9.8CVSS8.9AI score0.00912EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-57456

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-48997

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00539EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-36074

Malicious code in bioql PyPI...

9CVSS6.6AI score0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1379

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.0047EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-37895

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00272EPSS
Exploits0References1
OSV
OSV
added 2025/08/05 11:28 p.m.9 views

CVE-2025-54124 XWiki Platform: Any user with editing rights can access password properties through Database List Properties

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can creat...

7.1CVSS6.8AI score0.00425EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.3 views

CVE-2025-53113

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...

2.7CVSS6AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2025/07/10 2:58 p.m.16 views

CVE-2025-27613 Gitk can create and truncate files in the user's home directory

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

3.6CVSS7.2AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/06 3:52 p.m.6 views

CVE-2025-29877 File Station 5

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...

5.3CVSS7.1AI score0.00361EPSS
Exploits0References1
OSV
OSV
added 2025/06/05 4:40 p.m.10 views

CVE-2025-49009 Para Inserts Sensitive Information into Log File for Facebook authentication

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...

6.2CVSS6.4AI score0.00145EPSS
Exploits0References4
Rows per page
Query Builder