417990 matches found
EUVD-2022-34530
Malicious code in bioql PyPI...
EUVD-2025-25133
Malicious code in bioql PyPI...
EUVD-2022-7038
Malicious code in bioql PyPI...
EUVD-2024-27039
Malicious code in bioql PyPI...
EUVD-2022-3680
Malicious code in bioql PyPI...
EUVD-2024-0322
Malicious code in bioql PyPI...
EUVD-2024-43125
Malicious code in bioql PyPI...
EUVD-2023-50986
Malicious code in bioql PyPI...
EUVD-2024-19821
Malicious code in bioql PyPI...
EUVD-2025-6833
Malicious code in bioql PyPI...
EUVD-2024-19411
Malicious code in bioql PyPI...
EUVD-2022-35732
Malicious code in bioql PyPI...
EUVD-2023-33735
Malicious code in bioql PyPI...
EUVD-2024-27251
Malicious code in bioql PyPI...
EUVD-2025-31040
Malicious code in bioql PyPI...
EUVD-2025-20471
Malicious code in bioql PyPI...
EUVD-2024-37625
Malicious code in bioql PyPI...
EUVD-2023-28021
Malicious code in bioql PyPI...
EUVD-2022-4025
Malicious code in bioql PyPI...
EUVD-2024-47644
Malicious code in bioql PyPI...
EUVD-2025-20988
Malicious code in bioql PyPI...
EUVD-2023-25851
Malicious code in bioql PyPI...
EUVD-2023-41815
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions...
EUVD-2020-8137
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct...
EUVD-2026-36733
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...
EUVD-2026-36376
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
EUVD-2026-35667
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
EUVD-2026-35735
Integer underflow wrap or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...
EUVD-2026-35589
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
EUVD-2026-34083
Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
EUVD-2026-33557
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...
EUVD-2026-33553
An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...
EUVD-2026-31615
A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly availabl...
EUVD-2026-29571
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability...
EUVD-2026-30743
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermo...
EUVD-2026-30502
Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...
EUVD-2026-30256
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...
EUVD-2024-55581
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the APSmartAudio::loop, APSmartAudio, APSmartAudio.cpp components...
EUVD-2026-29914
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...
EUVD-2026-29442
Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042...
EUVD-2025-209754
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
EUVD-2026-28604
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue why Need to add function hook check before use...
EUVD-2026-28261
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using...
EUVD-2026-28184
OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling...
EUVD-2026-27301
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...
EUVD-2026-27025
D-Link DIR-600L Hardware Revision B1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61dlwbrdir600L" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...
EUVD-2026-26778
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...
EUVD-2026-24165
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL...
EUVD-2026-22855
Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules.This issue affects BC-JAVA: before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion...
EUVD-2026-20117
The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...