CVE-2026-35603

CVE-2026-35603 (Claude Code, Windows) : In versions prior to 2.1.75, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Since ProgramData is writable by non-administrative user...

Insecure Temporary File Usage

llama-index-core is vulnerable to Insecure Temporary File Usage. The vulnerability is due to the use of a predictable hardcoded cache directory /tmp/llamaindex in getcachedir, where attackers on multi-user Linux systems can steal cached model data, poison embeddings, or exploit symlink race...

Qodo Gen 安全漏洞

Qodo Gen is a code AI aid from Qodo, Inc. in the United States. A security vulnerability exists in Qodo Gen that stems from vulnerability to a path traversal attack that could result in reading arbitrary local files on an end-user's system...

EUVD-2019-9730

Malware in sbrugna...

EUVD-2020-30112

Malware in sbrugna...

EUVD-2017-11786

Malware in sbrugna...

EUVD-2018-1319

Malware in sbrugna...

EUVD-2019-6175

Malware in sbrugna...

EUVD-2017-3431

Malware in sbrugna...

EUVD-2025-19030

Malicious code in bioql PyPI...

EUVD-2023-24419

Malicious code in bioql PyPI...

EUVD-2023-58789

Malicious code in bioql PyPI...

EUVD-2021-9341

Malicious code in bioql PyPI...

EUVD-2022-52809

Malicious code in bioql PyPI...

CVE-2025-28016

The CVE-2025-28016 entry concerns the PHPGurukul User Registration & Login and User Management System v3.3. A Reflected Cross-Site Scripting (XSS) vulnerability exists in loginsystem/edit-profile.php, allowing remote attackers to execute arbitrary JavaScript via the fname, lname, and contact para...

Linux Distros Unpatched Vulnerability : CVE-2021-32773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket...

CVE-2025-9302

A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used...

Linux Distros Unpatched Vulnerability : CVE-2023-1583

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference was found in iofilebitmapget in iouring/filetable.c in the iouring sub- component in the Linux Kernel. When fixed files are...

CVE-2024-13972

CVE-2024-13972 affects Sophos Intercept X for Windows updater prior to Core Agent 2024.3.2. The root cause is mishandling of registry permissions that allows a local user to escalate to SYSTEM during a product upgrade. CVSSv3.1 vector: LOCAL, LOW attack complexity, PR: LOW, UI: NONE, Scope: CHANG...

CVE-2025-42982 Information Disclosure in SAP GRC (AC Plugin)

SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application...