417977 matches found
EUVD-2025-19314
Malicious code in bioql PyPI...
EUVD-2023-40312
Malicious code in bioql PyPI...
EUVD-2025-22205
Malicious code in bioql PyPI...
EUVD-2024-31807
Malicious code in bioql PyPI...
EUVD-2022-2504
Malicious code in bioql PyPI...
EUVD-2025-1946
Malicious code in bioql PyPI...
EUVD-2023-43651
Malicious code in bioql PyPI...
EUVD-2025-20854
Malicious code in bioql PyPI...
EUVD-2024-54950
Malicious code in bioql PyPI...
EUVD-2025-18114
Malicious code in bioql PyPI...
EUVD-2023-1681
Malicious code in bioql PyPI...
EUVD-2023-50564
Malicious code in bioql PyPI...
EUVD-2022-7473
Malicious code in bioql PyPI...
EUVD-2026-38043
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...
EUVD-2026-31433
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...
EUVD-2026-30961
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...
EUVD-2026-29404
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins...
EUVD-2026-30608
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
EUVD-2026-30284
Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...
EUVD-2025-209843
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation System: from v.21.6 befor...
EUVD-2026-30181
Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...
EUVD-2026-29850
Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...
EUVD-2026-29157
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from before 1.43.7, 1.44.4, 1.45.2...
EUVD-2026-29018
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...
EUVD-2026-29019
A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...
EUVD-2026-28417
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...
EUVD-2026-27810
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...
EUVD-2026-27777
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifstcpseslock to protect a lot of objects that are not just the server, ses or tcon lists. We later introduced srvlock, seslock and tclock to protect fields within the...
EUVD-2026-27317
A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that...
EUVD-2026-23116
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...
EUVD-2026-22993
JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution...
EUVD-2026-10501
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...
EUVD-2026-5616
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json...
EUVD-2026-3529
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
EUVD-2025-199833
Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email...
EUVD-2021-10829
Malware in sbrugna...
EUVD-2021-25130
Malware in sbrugna...
EUVD-2010-0166
Malware in sbrugna...
EUVD-2021-1067
Malware in sbrugna...
EUVD-2021-15143
Malware in sbrugna...
EUVD-2021-27339
Malware in sbrugna...
EUVD-2006-1890
Malware in sbrugna...
EUVD-2019-0720
Malware in sbrugna...
EUVD-2020-28694
Malware in sbrugna...
EUVD-2021-0621
Malware in sbrugna...
EUVD-2021-21478
Malware in sbrugna...
EUVD-2024-16931
Malicious code in bioql PyPI...
EUVD-2025-22853
Malicious code in bioql PyPI...
EUVD-2024-48483
Malicious code in bioql PyPI...
EUVD-2025-21527
Malicious code in bioql PyPI...