25 matches found
EUVD-2018-2637
Malware in sbrugna...
EUVD-2023-59686
Malicious code in bioql PyPI...
EUVD-2025-19763
Malicious code in bioql PyPI...
EUVD-2025-26501
Malicious code in bioql PyPI...
EUVD-2022-53355
Malicious code in bioql PyPI...
EUVD-2022-1867
Malicious code in bioql PyPI...
CVE-2025-53694 Information Disclosure in ItemServices API
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP). This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4...
CVE-2025-53694
CVE-2025-53694 is an information-disclosure vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) affecting XM 9.2–10.4 and XP 9.2–10.4. The issue stems from exposure of sensitive information via the ItemService API, accessible under restricted anonymous conditions, enabl...
CVE-2025-52559
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topi...
CVE-2025-52559
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topi...
CVE-2025-52559
Zulip Server contains an XSS vulnerability in the /digest/ URL that previews weekly digests, affecting topic and channel names. Affected versions are Zulip Server 2.0.0-rc1 up to, but not including, 10.4. The issue is fixed in Zulip Server 10.4. Workarounds include denying access to /digest/ until updated. ...
CVE-2025-52559 Zulip XSS in digest preview URL
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topi...
Grafana 11.2.x < 11.2.1 Multiple Vulnerabilities
According to its self-reported version, the Grafana install hosted on the remote host is 10.3.x earlier than 10.3.10, or 10.4.x earlier than 10.4.9, or 11.0.x earlier than 11.0.5, or 11.1.x earlier than 11.1.6, or 11.2.x earlier than 11.2.1. It is, therefore, affected by multiple vulnerabilities:...
CVE-2022-1351
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4...
CVE-2021-37197
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections...
GHSA-689C-XQ7X-XJWF Mattermost Playbooks fails to validate the uniqueness and quantity of task actions
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...
Drupal 10.4.x < 10.4.5 Cross-Site Scripting
According to its self-reported version, the instance of Drupal running on the remote web server is 11.1.x prior to 11.1.5, 11.0.x prior to 11.0.13, 10.4.x prior to 10.4.5 or 8.x prior to 10.3.14. Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross-Site...
BIT-MARIADB-2022-32081
MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc...
GitLab <= 10.3.7, 10.4.x - 10.4.4, 10.5.x - 10.5.4 Improper Input Validation Vulnerability
GitLab is prone to an improper input validation vulnerability...
CVE-2022-26146
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker...