CVE-2026-9057 Security fix for Qlik Talend Administration Center URL access control vulnerability

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...

EUVD-2026-30520

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

CVE-2026-8425

CVE-2026-8425 describes a Cross-Site Request Forgery in the WordPress Notify Odoo plugin (versions ≤ 1.0.1). The root cause is missing or incorrect nonce validation on the _updateSettings function, enabling unauthenticated attackers to alter the Notify Odoo URL and related settings (notification,...

CVE-2024-2052

CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location...

EUVD-2008-4032

Malware in sbrugna...

EUVD-2005-1567

Malware in sbrugna...

EUVD-2002-1647

Malware in sbrugna...

EUVD-2018-5260

Malware in sbrugna...

EUVD-2025-4097

Malicious code in bioql PyPI...

EUVD-2024-27017

Malicious code in bioql PyPI...

EUVD-2022-3532

Malicious code in bioql PyPI...

EUVD-2022-2351

Malicious code in bioql PyPI...

EUVD-2024-46495

Malicious code in bioql PyPI...

EUVD-2023-57943

Malicious code in bioql PyPI...

EUVD-2022-4254

Malicious code in bioql PyPI...

CVE-2024-47870

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the updaterootinconfig function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker ca...

CVE-2024-5257

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admincomplianceframework custom role may have been able to modify the URL for a group namespace...

CVE-2024-44117

The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...

CVE-2023-5650

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and VPN seri...

CVE-2022-2882

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the...