60 matches found
EUVD-2017-4088
Malware in sbrugna...
EUVD-2017-4108
Malware in sbrugna...
EUVD-2017-4062
Malware in sbrugna...
EUVD-2018-15995
Malware in sbrugna...
EUVD-2024-43408
Malicious code in bioql PyPI...
EUVD-2025-22549
Malicious code in bioql PyPI...
EUVD-2024-30277
Malicious code in bioql PyPI...
CVE-2025-48074
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...
PT-2025-31672 · Materialx · Materialx
Name of the Vulnerable Software and Affected Versions: MaterialX version 1.39.2. Description: MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Nested imports of MaterialX files can lead to a crash due to stack memory...
CVE-2025-53941 Hollo renders posts received with form elements and allows submission
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue...
CVE-2025-53015
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue...
PT-2025-27888 · Unknown · Gopiplus Iframe Images Gallery
Name of the Vulnerable Software and Affected Versions: gopiplus iFrame Images Gallery versions prior to 9.0. Description: The issue is related to the improper neutralization of special elements used in an SQL command, which allows for SQL injection. This is a problem where an attacker can inject...
CVE-2024-1174
Previous versions of HP ThinPro prior to HP ThinPro 8.0 SP 8 could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities...
CVE-2024-26542
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field...
CVE-2023-49781
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...
CVE-2025-1415
A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM (Mobile Device Management), as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...
CVE-2025-35939
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...
PT-2025-20136 · Unknown · Eli's Related Posts Footer Links/Widget
Name of the Vulnerable Software and Affected Versions: ELI's Related Posts Footer Links and Widget versions 1.2.04.20 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended...
CVE-2025-31118 NamelessMC Has Forum Reply Submission Time Limit Bypass
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (viewtopic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction,...
PT-2025-17056 · Unknown · Antoine Guillien Restrict Taxonomies
Name of the Vulnerable Software and Affected Versions: Antoine Guillien Restrict Taxonomies versions 1.3.3 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potenti...