CVE-2026-10068

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

Extending EOL/EOS Software Intelligence Across Containers, Kubernetes, and Modern Workloads

Key Takeaways Unsupported software increasingly exists inside container images and Kubernetes workloads, not just traditional infrastructure. Lifecycle risk extends beyond CVEs because unsupported software eventually stops receiving patches and vendor maintenance. Outdated base images and runtime...

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

CVE-2025-40906

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON...

CVE-2024-34365

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to th...

CVE-2025-11278

CVE-2025-11278 affects AllStarLink Supermon up to 6.2, targeting the AllMon2 component. The issue enables cross-site scripting and can be triggered remotely. Public exploit details exist; vendor responsiveness is unclear and affected products are no longer maintained. No remediation or fixed vers...

EUVD-2025-7181

Malicious code in bioql PyPI...

EUVD-2024-0941

Malicious code in bioql PyPI...

EUVD-2024-1376

Malicious code in bioql PyPI...

EUVD-2023-58510

Malicious code in bioql PyPI...

EUVD-2025-0182

Malicious code in bioql PyPI...

EUVD-2023-58878

Malicious code in bioql PyPI...

EUVD-2024-48294

Malicious code in bioql PyPI...

EUVD-2024-2174

Malicious code in bioql PyPI...

PT-2025-31951 · Libav · Libav

Name of the Vulnerable Software and Affected Versions: libav versions up to 12.3 Description: A critical vulnerability exists in libav, specifically within the DSS File Demuxer component. The issue resides in the main function of the /avtools/avconv.c file and results in a double free condition...

CVE-2025-54656 Apache Struts Extras: Improper Output Neutralization for Logs

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

CVE-2025-50096

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to...

CVE-2025-53032

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

CVE-2025-50084

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

CVE-2025-50077

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...