22 matches found
EUVD-2026-35850
CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require...
CVE-2026-34712 CAI Content Credentials | Improper Input Validation (CWE-20)
CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user...
CVE-2026-34712
CVE-2026-34712 affects CAI Content Credentials components [email protected] and c2pa-v0.80.1 (and earlier). The issue is Improper Input Validation, causing a crash and a denial-of-service condition; exploitation does not require user interaction and can be conducted remotely via network. CVSSv3.1 ba...
CVE-2026-47902 CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)
CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...
EUVD-2014-5968
Malware in sbrugna...
EUVD-2025-25617
Malicious code in bioql PyPI...
EUVD-2023-46935
Malicious code in bioql PyPI...
EUVD-2025-9679
Malicious code in bioql PyPI...
CVE-2025-4650
User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...
CVE-2025-4650 User with high privileges is able to introduce a SQLi using the Meta Service indicator page
User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...
PT-2025-20886 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon web versions 24.10.3 through 24.10.4 Centreon web versions 24.04.09 through 24.04.10 Centreon web versions 23.10.19 through 23.10.21 Centreon web versions 23.04.24 through 23.04.26 Description: The issue is related to improper...
CVE-2025-3087
CVE-2025-3087 concerns a stored XSS in M-Files Web. Affected are M-Files Web versions 25.1.14445.5 through 25.2.14524.4. The issue arises from stored cross-site scripting that can be triggered by an authenticated user who can run scripts. Documented impact is that scripts may be executed in the u...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +8709 more potentially affected by CVE-2024-22262 via org.springframework:spring-web (>=6.1.0 <=6.1.5)
org.springframework:spring-web MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.8.7 and more Source cves: CVE-2024-22262 Source advisory: OSV:GHSA-2WRP-6FG6-HMC5...
Grup Arge Energy and Control Systems SmartPower Energy Management System SQL injection vulnerability
Grup Arge Energy and Control Systems SmartPower Energy Management System is a web-based system from Grup Arge Energy and Control Systems developed specifically to improve energy efficiency in organizations. A security vulnerability exists in Grup Arge Energy and Control Systems SmartPower Energy...
Grup Arge Energy and Control Systems SmartPower Energy Management System SQL injection vulnerability
The Grup Arge Energy and Control Systems SmartPower Energy Management System is a web-based system from Grup Arge Energy and Control Systems developed specifically to improve energy efficiency in organizations. A SQL injection vulnerability exists in Grup Arge Energy and Control Systems SmartPowe...
CVE-2020-23533
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-6978
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries...
PT-2019-2900 · Icedtea +4 · Icedtea-Web +4
Name of the Vulnerable Software and Affected Versions: IcedTea-Web versions 1.7.2 and 1.8.2 Description: The issue is related to the improper sanitization of paths from jar/ elements in JNLP files. This could allow an attacker to trick a victim into running a specially crafted application,...