418961 matches found
EUVD-2026-29398
The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fancy-img-show shortcode in all versions up to, and including, 9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
EUVD-2022-55983
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...
EUVD-2026-28978
A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function syslogin1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. Th...
EUVD-2026-28701
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...
EUVD-2026-28464
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
EUVD-2025-209716
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5...
EUVD-2026-28248
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
EUVD-2026-27141
Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore...
EUVD-2026-27390
A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...
EUVD-2026-27386
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
EUVD-2026-26802
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...
EUVD-2026-24165
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL...
EUVD-2026-20894
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...
EUVD-2026-3280
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...
EUVD-2025-34919
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...
EUVD-2020-4557
Malware in sbrugna...
EUVD-2021-1565
Malware in sbrugna...
EUVD-2020-28714
Malware in sbrugna...
EUVD-2021-14575
Malware in sbrugna...
EUVD-2010-3730
Malware in sbrugna...
EUVD-2021-1350
Malware in sbrugna...
EUVD-2021-2548
Malware in sbrugna...
EUVD-2020-27228
Malware in sbrugna...
EUVD-2020-1478
Malware in sbrugna...
EUVD-2019-17172
Malware in sbrugna...
EUVD-2021-2213
Malware in sbrugna...
EUVD-2021-18759
Malware in sbrugna...
EUVD-2020-1452
Malware in sbrugna...
EUVD-2020-5497
Malware in sbrugna...
EUVD-2021-16785
Malware in sbrugna...
EUVD-2018-10471
Malware in sbrugna...
EUVD-2022-2474
Malicious code in bioql PyPI...
EUVD-2025-21054
Malicious code in bioql PyPI...
EUVD-2025-24799
Malicious code in bioql PyPI...
EUVD-2021-29623
Malicious code in bioql PyPI...
EUVD-2022-42645
Malicious code in bioql PyPI...
EUVD-2025-16627
Malicious code in bioql PyPI...
EUVD-2025-25464
Malicious code in bioql PyPI...
EUVD-2022-30431
Malicious code in bioql PyPI...
EUVD-2023-1171
Malicious code in bioql PyPI...
EUVD-2024-48866
Malicious code in bioql PyPI...
EUVD-2022-47659
Malicious code in bioql PyPI...
EUVD-2025-22780
Malicious code in bioql PyPI...
EUVD-2022-5169
Malicious code in bioql PyPI...
EUVD-2025-25038
Malicious code in bioql PyPI...
EUVD-2024-0410
Malicious code in bioql PyPI...
EUVD-2022-51060
Malicious code in bioql PyPI...
EUVD-2025-18803
Malicious code in bioql PyPI...
EUVD-2022-5425
Malicious code in bioql PyPI...
EUVD-2024-1164
Malicious code in bioql PyPI...