CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

CVE-2026-41937

Summary: CVE-2026-41937 affects Vvveb prior to 1.0.8.3. An unrestricted file upload in the plugin upload endpoint lets super_admin users craft a ZIP (plugin.php with a valid Slug header and public/index.php) that executes arbitrary PHP code as the web server user when accessed at the plugin’s pub...

CVE-2026-41937

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

CVE-2026-25691

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

EUVD-2026-10532

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests...

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

EUVD-2014-5138

Malware in sbrugna...

EUVD-2025-4981

Malicious code in bioql PyPI...

EUVD-2024-19368

Malicious code in bioql PyPI...

EUVD-2023-31325

Malicious code in bioql PyPI...

EUVD-2025-6585

Malicious code in bioql PyPI...

Spying on People Through Airportr Luggage Delivery Service

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it's used by wealthy or important people. So if the company's website is insecure, you'd be able to spy on lots of wealthy or important people. And mayb...

Environment Variable Exposure

github.com/knadh/listmonk is vulnerable to Environment Variable Exposure. The vulnerability is due to the use of env and expandenv template functions in Sprig, which allows non-super-admin users to capture sensitive environment variables in multi-user installations...

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

CVE-2019-12764

An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...

CVE-2024-54024

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests...

CVE-2024-54024

CVE-2024-54024 affects Fortinet FortiIsolator prior to 2.4.6, due to improper neutralization of special elements in OS commands (OS Command Injection). A privileged attacker with a super-admin profile and CLI access can execute unauthorized code via specially crafted HTTP requests. Affected compo...

CVE-2024-54027

CVE-2024-54027 describes a Use of Hard-coded Cryptographic Key (CWE-321) in Fortinet FortiSandbox. Affected versions include 4.4.6 and below, 4.2.7 and below, 4.0.5 and below, 3.2.4 and below, 3.1.5 and below, and 3.0.7 to 3.0.5. A privileged attacker with a super-admin profile and CLI access can...

CVE-2025-25225 Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for Joomla

A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers administrator to escalate their privileges to Super Admin Permissions...