CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

CVE-2026-2752

CVE-2026-2752 affects Navtor NavBox via the /api/ais-data endpoint, where a remote unauthenticated attacker can trigger an unhandled exception, causing verbose .NET stack traces to be returned. This information disclosure exposes internal class names, methods, and third‑party library references (...

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

NI FlexRIO < 2025 Q1 Arbitrary Code Execution (CVE-2024-12740)

The version of NI FlexRIO installed on the remote Windows host is prior to 2025 Q1. It is, therefore, affected by an arbitrary code execution vulnerability: - NI FlexRIO uses a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in...

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

EUVD-2026-3712

Malicious code in jquery-ajaxchimp npm...

PT-2025-48120

Name of the Vulnerable Software and Affected Versions Drupal Webform Multiple File Upload module versions 7.x affected versions not specified Description The Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS issue in the file name renderer. An unauthenticated...

EUVD-2024-51081

Malicious code in bioql PyPI...

EUVD-2023-58404

Malicious code in bioql PyPI...

EUVD-2023-57649

Malicious code in bioql PyPI...

EUVD-2021-31361

Malicious code in bioql PyPI...

MAL-2025-13862 Malicious code in @zittertea/dolorem-enim-soluta-animi (npm)

The package @zittertea/dolorem-enim-soluta-animi was found to contain malicious code...

MAL-2025-6859 Malicious code in third-party-library (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0f1110748d4cb8dc4eb9d93bf92e8da0c61f4f1de420b3d738ed106689c7a1d9 The OpenSSF Package Analysis project identified 'third-party-library'...

Malicious code in third-party-library (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0f1110748d4cb8dc4eb9d93bf92e8da0c61f4f1de420b3d738ed106689c7a1d9 The OpenSSF Package Analysis project identified 'third-party-library'...

CVE-2024-32985

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online...

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVE-2023-1119

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability...

CVE-2024-12740

Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file...

CVE-2024-12740

Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file...