38 matches found
EUVD-2026-44969
The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...
CVE-2026-48720 Warp: SSH remote output can lead to local file overwrite and persistence
Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is...
EUVD-2025-201459
TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...
EUVD-2016-1709
Malware in sbrugna...
EUVD-2019-4676
Malware in sbrugna...
EUVD-2018-11612
Malware in sbrugna...
EUVD-2019-10279
Malware in sbrugna...
EUVD-2021-14854
Malware in sbrugna...
EUVD-2022-0326
Malicious code in bioql PyPI...
EUVD-2022-41753
Malicious code in bioql PyPI...
EUVD-2023-57456
Malicious code in bioql PyPI...
EUVD-2022-48997
Malicious code in bioql PyPI...
EUVD-2024-36074
Malicious code in bioql PyPI...
EUVD-2024-1379
Malicious code in bioql PyPI...
EUVD-2024-37895
Malicious code in bioql PyPI...
CVE-2025-54124 XWiki Platform: Any user with editing rights can access password properties through Database List Properties
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can creat...
CVE-2025-53113
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...
CVE-2025-27613 Gitk can create and truncate files in the user's home directory
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...
CVE-2025-29877 File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...
CVE-2025-49009 Para Inserts Sensitive Information into Log File for Facebook authentication
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in FacebookAuthFilter.java results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access...