417492 matches found
EUVD-2024-54623
Malicious code in bioql PyPI...
EUVD-2023-52795
Malicious code in bioql PyPI...
EUVD-2023-26134
Malicious code in bioql PyPI...
EUVD-2023-27851
Malicious code in bioql PyPI...
EUVD-2026-32744
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
EUVD-2026-29193
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...
EUVD-2026-15806
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...
EUVD-2026-9250
In multiple functions of memprotect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2021-23305
Malware in sbrugna...
EUVD-2021-0917
Malware in sbrugna...
EUVD-2021-2051
Malware in sbrugna...
EUVD-2021-21610
Malware in sbrugna...
EUVD-2024-52703
Malicious code in bioql PyPI...
EUVD-2026-35531
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
EUVD-2026-31205
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...
EUVD-2026-29408
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
EUVD-2018-4883
Malware in sbrugna...
EUVD-2021-21837
Malware in sbrugna...
EUVD-2020-23275
Malware in sbrugna...
EUVD-2025-25053
Malicious code in bioql PyPI...
EUVD-2026-36726
Multer vulnerable to Denial of Service via deeply nested field names...
EUVD-2026-28368
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...
EUVD-2021-11278
Malware in sbrugna...
EUVD-2021-0262
Malware in sbrugna...
EUVD-2021-15257
Malware in sbrugna...
EUVD-2020-0268
Malware in sbrugna...
EUVD-2021-11123
Malware in sbrugna...
EUVD-2022-7411
Malicious code in bioql PyPI...
EUVD-2025-31660
Malicious code in bioql PyPI...
EUVD-2023-38139
Malicious code in bioql PyPI...
EUVD-2024-34998
Malicious code in bioql PyPI...
EUVD-2025-24605
Malicious code in bioql PyPI...
EUVD-2024-31641
Malicious code in bioql PyPI...
EUVD-2026-36509
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...
EUVD-2026-36199
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Updates Environment Management. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
EUVD-2026-31113
Twig: Possible sandbox bypass when using a source policy...
EUVD-2026-34900
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...
EUVD-2026-29954
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2026-27470
Jupyter Server: Path Traversal via incorrect startswith root directory check allows access to sibling directories...
EUVD-2025-204576
DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67038. Reason: This record is a reservation duplicate of CVE-2025-67038. Notes: All CVE users should reference CVE-2025-67038 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...
EUVD-2017-9876
Malware in sbrugna...
EUVD-2014-8768
Malware in sbrugna...
EUVD-2024-2152
Malicious code in bioql PyPI...
EUVD-2022-6135
Malicious code in bioql PyPI...
EUVD-2022-33305
Malicious code in bioql PyPI...
EUVD-2026-34082
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...
EUVD-2025-210009
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-31774
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...
EUVD-2026-30303
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
EUVD-2026-27867
Facebook React has a Denial of Service Vulnerability in React Server Components...