EUVD-2024-46940

Malicious code in bioql PyPI...

EUVD-2026-30303

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

EUVD-2020-11268

Malware in sbrugna...

EUVD-2022-29573

Malicious code in bioql PyPI...

EUVD-2022-41110

Malicious code in bioql PyPI...

EUVD-2026-36300

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

EUVD-2026-35723

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

EUVD-2026-28368

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

EUVD-2026-26784

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

EUVD-2025-9086

Malicious code in bioql PyPI...

EUVD-2025-22233

Malicious code in bioql PyPI...

EUVD-2024-29282

Malicious code in bioql PyPI...

EUVD-2026-34082

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

EUVD-2021-34805

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem...

EUVD-2025-9242

Malicious code in bioql PyPI...

EUVD-2024-3257

Malicious code in bioql PyPI...

EUVD-2023-45841

Malicious code in bioql PyPI...

EUVD-2023-35115

Malicious code in bioql PyPI...

EUVD-2025-29241

Malicious code in bioql PyPI...

EUVD-2025-30405

Malicious code in bioql PyPI...

EUVD-2022-45013

Malicious code in bioql PyPI...

EUVD-2022-42766

Malicious code in bioql PyPI...

EUVD-2022-3861

Malicious code in bioql PyPI...

EUVD-2023-26134

Malicious code in bioql PyPI...

EUVD-2025-22567

Malicious code in bioql PyPI...

EUVD-2026-30155

The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side...

EUVD-2026-29050

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...

EUVD-2019-10560

Malware in sbrugna...

EUVD-2023-58939

Malicious code in bioql PyPI...

EUVD-2026-30202

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability i...

EUVD-2026-29036

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

EUVD-2021-34800

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

EUVD-2026-28357

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

EUVD-2026-26743

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...

EUVD-2025-34561

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

EUVD-2021-1139

Malware in sbrugna...

EUVD-2021-21279

Malware in sbrugna...

EUVD-2024-54366

Malicious code in bioql PyPI...

EUVD-2025-29700

Malicious code in bioql PyPI...

EUVD-2021-32802

Malicious code in bioql PyPI...

EUVD-2025-29456

Malicious code in bioql PyPI...

EUVD-2022-35082

Malicious code in bioql PyPI...

EUVD-2026-29582

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...

EUVD-2026-29436

A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process...

EUVD-2026-29193

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

EUVD-2026-29033

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

EUVD-2026-28826

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

EUVD-2026-28453

Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...

EUVD-2026-9082

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

EUVD-2021-2394

Malware in sbrugna...