417735 matches found
EUVD-2023-57531
Malicious code in bioql PyPI...
EUVD-2024-48866
Malicious code in bioql PyPI...
EUVD-2022-47659
Malicious code in bioql PyPI...
EUVD-2025-22780
Malicious code in bioql PyPI...
EUVD-2022-5169
Malicious code in bioql PyPI...
EUVD-2021-30152
Malicious code in bioql PyPI...
EUVD-2022-5425
Malicious code in bioql PyPI...
EUVD-2025-16305
Malicious code in bioql PyPI...
EUVD-2025-27262
Malicious code in bioql PyPI...
EUVD-2023-28803
Malicious code in bioql PyPI...
EUVD-2025-25038
Malicious code in bioql PyPI...
EUVD-2025-30819
Malicious code in bioql PyPI...
EUVD-2025-25001
Malicious code in bioql PyPI...
EUVD-2023-40312
Malicious code in bioql PyPI...
EUVD-2024-31296
Malicious code in bioql PyPI...
EUVD-2021-31003
Malicious code in bioql PyPI...
EUVD-2025-18212
Malicious code in bioql PyPI...
EUVD-2024-3522
Malicious code in bioql PyPI...
EUVD-2025-5702
Malicious code in bioql PyPI...
EUVD-2023-42174
Malicious code in bioql PyPI...
EUVD-2023-50532
Malicious code in bioql PyPI...
EUVD-2021-31368
Malicious code in bioql PyPI...
EUVD-2021-29623
Malicious code in bioql PyPI...
EUVD-2022-6117
Malicious code in bioql PyPI...
EUVD-2022-0497
Malicious code in bioql PyPI...
EUVD-2022-5132
Malicious code in bioql PyPI...
EUVD-2024-47276
Malicious code in bioql PyPI...
EUVD-2022-42645
Malicious code in bioql PyPI...
EUVD-2024-40081
Malicious code in bioql PyPI...
EUVD-2022-4627
Malicious code in bioql PyPI...
EUVD-2023-58181
Malicious code in bioql PyPI...
EUVD-2023-1438
Malicious code in bioql PyPI...
EUVD-2025-23524
Malicious code in bioql PyPI...
EUVD-2023-34988
Malicious code in bioql PyPI...
EUVD-2025-13496
Malicious code in bioql PyPI...
EUVD-2026-32030
A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...
EUVD-2026-30709
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...
EUVD-2026-30520
The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...
EUVD-2026-30365
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
EUVD-2026-30251
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...
EUVD-2026-30134
A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...
EUVD-2026-30133
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...
EUVD-2026-30048
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...
EUVD-2026-29928
Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...
EUVD-2026-29600
Double free in Windows Link-Layer Discovery Protocol LLDP allows an authorized attacker to elevate privileges locally...
EUVD-2026-29397
The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...
EUVD-2026-29378
UNSUPPORTED WHEN ASSIGNED A buffer overflow vulnerability in the formWep, formWlAc, formPasswordSetup, formUpgradeCert, and formDelcert functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00AACE.1C0 could allow an attacker to trigger a denial-of-service DoS condition b...
EUVD-2026-29151
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...
EUVD-2026-29167
Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...
EUVD-2026-29031
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...