CVE-2026-45686

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

CVE-2026-45667 Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDINGFUNCTION.... This allows any unauthenticated caller to trigger embedding generati...

Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

CVE-2026-6849 OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer

Improper neutralization of special elements used in an OS command 'OS command injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from =0.7.5 before 0.8.0...

CVE-2025-68276 affecting package avahi for versions less than 0.8-6

CVE-2025-68276 affecting package avahi for versions less than 0.8-6. A patched version of the package is available...

CVE-2025-68468 affecting package avahi for versions less than 0.8-5

CVE-2025-68468 affecting package avahi for versions less than 0.8-5. A patched version of the package is available...

CVE-2025-68276 affecting package avahi for versions less than 0.8-5

CVE-2025-68276 affecting package avahi for versions less than 0.8-5. A patched version of the package is available...

CVE-2005-1450

Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact...

CVE-2025-14549 OMR on Z processors Exposing a possible buffer over-read problem

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL 0x00 characters during the Latin-compatible charset UTF-8, ISO8859-1, ASCII, etc to IBM-1047/037 translation sequence. This can cause the...

WordPress plugin Associados Amazon Plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site request...

EUVD-2007-4159

Malware in sbrugna...

EUVD-2007-6436

Malware in sbrugna...

EUVD-2012-6598

Malware in sbrugna...

EUVD-2005-1455

Malware in sbrugna...

EUVD-2020-4450

Malware in sbrugna...

EUVD-2025-28044

Malicious code in bioql PyPI...

CVE-2025-55524

Insecure permissions in Agent-Zero v0.8. allow attackers to arbitrarily reset the system via unspecified vectors...

CVE-2025-55524

Insecure permissions in Agent-Zero v0.8. allow attackers to arbitrarily reset the system via unspecified vectors...

CVE-2012-10037

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No...

CVE-2012-10037 PhpTax pfilez Parameter Exec Remote Code Injection

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No...