EUVD-2026-26484

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

CVE-2026-34876

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...

CVE-2019-16725

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

EUVD-2020-18471

Malware in sbrugna...

EUVD-2018-4079

Malware in sbrugna...

EUVD-2015-8717

Malware in sbrugna...

EUVD-2019-13113

Malware in sbrugna...

EUVD-2022-2198

Malicious code in bioql PyPI...

EUVD-2024-35559

Malicious code in bioql PyPI...

EUVD-2022-39018

Malicious code in bioql PyPI...

CVE-2025-27845

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...

Linux Distros Unpatched Vulnerability : CVE-2019-14858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog...

jooby-pac4j: deserialization of untrusted data

Impact Versions after 2.x and before 3.x of io.jooby:jooby-pac4j can cause deserialization of untrusted data Patches - 2.17.0 2.x - 3.7.0 3.x Workarounds - Not using io.jooby:jooby-pac4j until it gets patches. - Check what values you put/save on session References Version 2.x:...

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1324)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mbed TLS 安全漏洞

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 2.28.10 and 3.x versions prior to 3.6.3, which stems from the use of uninitialized stack memory under certain circumstances...

Joomla! 5.x < 5.2.3 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.20, 4.x prior to 4.4.10 or 5.x prior to 5.2.3. It is, therefore, affected by multiple vulnerabilities. - Various module chromes didn't properly process inputs, leading to XSS...

CVE-2024-45506

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...

Joomla! 3.x < 3.10.16 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...

Smarty 安全漏洞

Smarty is a PHP-based template engine that helps to separate the representation HTML/CSS from the application logic. A security vulnerability exists in Smarty that stems from allowing an attacker to inject PHP code by selecting a malicious filename via extends-tag. Affected products and versions:...

PT-2024-40514 · Contao · Contao/Core

Name of the Vulnerable Software and Affected Versions: contao/core versions 2.x prior to 2.11.17 contao/core versions 3.x prior to 3.2.9 Description: The issue is related to arbitrary code execution on the server due to insufficient input validation. Attackers can exploit this by entering a...