417654 matches found
EUVD-2022-30426
Malicious code in bioql PyPI...
EUVD-2021-6634
Malicious code in bioql PyPI...
EUVD-2022-5556
Malicious code in bioql PyPI...
EUVD-2022-7028
Malicious code in bioql PyPI...
EUVD-2022-33471
Malicious code in bioql PyPI...
EUVD-2025-16372
Malicious code in bioql PyPI...
EUVD-2025-1994
Malicious code in bioql PyPI...
EUVD-2025-10053
Malicious code in bioql PyPI...
EUVD-2023-38527
Malicious code in bioql PyPI...
EUVD-2023-12797
Malicious code in bioql PyPI...
EUVD-2022-53106
Malicious code in bioql PyPI...
EUVD-2023-28057
Malicious code in bioql PyPI...
EUVD-2023-2596
Malicious code in bioql PyPI...
EUVD-2023-0091
Malicious code in bioql PyPI...
EUVD-2021-29346
Malicious code in bioql PyPI...
EUVD-2024-51584
Malicious code in bioql PyPI...
EUVD-2024-49694
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before...
EUVD-2020-8925
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...
EUVD-2026-36170
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
EUVD-2026-36034
A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...
EUVD-2026-35536
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-35728
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally...
EUVD-2026-35724
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
EUVD-2026-35593
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network...
EUVD-2026-35390
A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...
EUVD-2026-34988
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
EUVD-2026-34341
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input...
EUVD-2026-33782
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
EUVD-2026-33738
A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack c...
EUVD-2026-33731
A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/weztermexecutor.ts of the component switchpane/writetospecificpane. The manipulation of the argument request.params.arguments.paneid leads to os command injection. The...
EUVD-2026-33730
IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...
EUVD-2026-33637
A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...
EUVD-2026-33612
SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below...
EUVD-2026-33588
A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...
EUVD-2026-33547
An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...
EUVD-2026-33455
The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...
EUVD-2026-33417
StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...
EUVD-2025-209994
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
EUVD-2026-33261
Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...
EUVD-2026-33107
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33110
Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33080
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-33210
Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-25909
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save...
EUVD-2026-32907
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
EUVD-2026-32900
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...
EUVD-2026-32839
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadvbladelbackboneclaims removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the...
EUVD-2026-32782
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...
EUVD-2026-32628
RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker can execute arbitrary commands on the host server. Combined...
EUVD-2026-32620
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...