6 matches found
EUVD-2025-209830
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross-site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator-level access to the device is...
EUVD-2025-28436
Malicious code in bioql PyPI...
ATX Ucrypt Code Issue Vulnerability
ATX Ucrypt is a series of media distribution gateways over IP Q2IP from ATX America, Inc. It is designed to provide reliable and secure HD or SD programming to hotels or other commercial venues. A security vulnerability exists in ATX Ucrypt 3.5 and prior versions, which stems from the presence of...
CVE-2023-3848
A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated...
GHSA-4MVC-QC5W-V5QR Information disclosure in the Contao backend
Impact: Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. Patches: Update to Contao 4.4.46 or 4.8.6. Workarounds: None. References: https://contao.org/en/security-advisories/information-disclosure-in-the-back-end For more information: If...
CVE-2019-19712
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them...