417628 matches found
EUVD-2025-22763
Malicious code in bioql PyPI...
EUVD-2023-32094
Malicious code in bioql PyPI...
EUVD-2024-20887
Malicious code in bioql PyPI...
EUVD-2023-34343
Malicious code in bioql PyPI...
EUVD-2024-54655
Malicious code in bioql PyPI...
EUVD-2023-0497
Malicious code in bioql PyPI...
EUVD-2025-27227
Malicious code in bioql PyPI...
EUVD-2023-31858
Malicious code in bioql PyPI...
EUVD-2024-0448
Malicious code in bioql PyPI...
EUVD-2023-1510
Malicious code in bioql PyPI...
EUVD-2022-2658
Malicious code in bioql PyPI...
EUVD-2021-27530
Malicious code in bioql PyPI...
EUVD-2022-52771
Malicious code in bioql PyPI...
EUVD-2025-0007
Malicious code in bioql PyPI...
EUVD-2022-6354
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...
EUVD-2026-33831
A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...
EUVD-2026-33556
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scanmemorycontent of the file tools/memorytool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used f...
EUVD-2026-30803
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval Injection...
EUVD-2026-30712
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
EUVD-2026-30611
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...
EUVD-2026-30534
Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability...
EUVD-2026-30343
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-29685
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...
EUVD-2026-29587
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
EUVD-2026-29604
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
EUVD-2026-29444
The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
EUVD-2026-29426
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...
EUVD-2026-29141
OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...
EUVD-2025-209753
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
EUVD-2026-28880
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...
EUVD-2026-28822
Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...
EUVD-2026-28342
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...
EUVD-2025-209709
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual...
EUVD-2026-28318
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords e.g., pgreadfile, LOADFILE, dblink is applied on the collections:create and...
EUVD-2025-209616
Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy without runtime length validation...
EUVD-2026-26783
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...
EUVD-2026-23362
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...
EUVD-2026-1580
The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the uploadmimes filter without implementing any...
EUVD-2025-37329
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through 4.8.126...
EUVD-2020-20794
Malware in sbrugna...
EUVD-2021-10036
Malware in sbrugna...
EUVD-2020-0493
Malware in sbrugna...
EUVD-2020-27897
Malware in sbrugna...
EUVD-2021-11168
Malware in sbrugna...
EUVD-2021-18715
Malware in sbrugna...
EUVD-2019-6082
Malware in sbrugna...
EUVD-2020-0590
Malware in sbrugna...
EUVD-2016-2014
Malware in sbrugna...
EUVD-2020-24748
Malware in sbrugna...
EUVD-2023-24773
Malicious code in bioql PyPI...