417881 matches found
EUVD-2024-40149
Malicious code in bioql PyPI...
EUVD-2023-1735
Malicious code in bioql PyPI...
EUVD-2023-2557
Malicious code in bioql PyPI...
EUVD-2022-52075
Malicious code in bioql PyPI...
EUVD-2024-48046
Malicious code in bioql PyPI...
EUVD-2022-49618
Malicious code in bioql PyPI...
EUVD-2022-33561
Malicious code in bioql PyPI...
EUVD-2022-6869
Malicious code in bioql PyPI...
EUVD-2024-52989
Malicious code in bioql PyPI...
EUVD-2025-29165
Malicious code in bioql PyPI...
EUVD-2024-39260
Malicious code in bioql PyPI...
EUVD-2024-36876
Malicious code in bioql PyPI...
EUVD-2023-2414
Malicious code in bioql PyPI...
EUVD-2022-6271
Malicious code in bioql PyPI...
EUVD-2025-21126
Malicious code in bioql PyPI...
EUVD-2025-29200
Malicious code in bioql PyPI...
EUVD-2022-51699
Malicious code in bioql PyPI...
EUVD-2023-27696
Malicious code in bioql PyPI...
EUVD-2022-0158
Malicious code in bioql PyPI...
EUVD-2025-28551
Malicious code in bioql PyPI...
EUVD-2024-46021
Malicious code in bioql PyPI...
EUVD-2025-13301
Malicious code in bioql PyPI...
EUVD-2025-11120
Malicious code in bioql PyPI...
EUVD-2024-34423
Malicious code in bioql PyPI...
EUVD-2024-24496
Malicious code in bioql PyPI...
EUVD-2025-12570
Malicious code in bioql PyPI...
EUVD-2022-6456
Malicious code in bioql PyPI...
EUVD-2022-1885
Malicious code in bioql PyPI...
EUVD-2022-31382
.NET Framework Denial of Service Vulnerability...
EUVD-2026-38488
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...
EUVD-2026-38019
Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...
EUVD-2026-37708
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...
EUVD-2026-36484
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...
EUVD-2026-36170
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
EUVD-2026-35475
Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...
EUVD-2026-35644
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
EUVD-2026-35465
An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this...
EUVD-2026-35574
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...
EUVD-2026-34482
Uninitialized Use in WebML in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-33825
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...
EUVD-2026-33621
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function creategenericname of the file /ShowForm/creategenericname/main. The manipulation of the argument genericname results in cross site scripting. The attack may be launched...
EUVD-2026-32476
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmappurgelock in shrinker decayvapoolnode can be invoked concurrently from two paths: purgevmaparealazy when pools are being purged, and the shrinker via vmapnodeshrinkscan. However, decayvapoolnode is not safe t...
EUVD-2026-32406
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoncall vs kdamondfn exit race Patch series "mm/damon/core: fix damoncall/damoswalk vs kdmond exit race". damoncall and damoswalk can leak memory and/or deadlock when they race with kdamond terminations. Fix...
EUVD-2026-32201
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.18...
EUVD-2026-32037
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...
EUVD-2026-31989
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...
EUVD-2026-31918
IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...
EUVD-2026-31901
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has...
EUVD-2026-31750
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...
EUVD-2026-31525
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...