417491 matches found
EUVD-2023-12509
Malicious code in bioql PyPI...
EUVD-2025-22226
Malicious code in bioql PyPI...
EUVD-2024-29282
Malicious code in bioql PyPI...
EUVD-2025-9242
Malicious code in bioql PyPI...
EUVD-2026-35663
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2026-30349
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps quer...
EUVD-2026-29399
The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && (AND) instead of || (OR),...
EUVD-2026-26220
A missing permission check in Jenkins Script Security Plugin 1399.ve6a66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths...
EUVD-2026-23970
LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading...
EUVD-2026-9082
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...
EUVD-2026-3933
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Indoor Plants indoor-plants allows PHP Local File Inclusion. This issue affects Indoor Plants: from n/a through <= 1.2.7...
EUVD-2025-205780
Picklescan is vulnerable to RCE via missing detection when calling built-in python operator.attrgetter...
EUVD-2025-34561
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
EUVD-2021-10081
Malware in sbrugna...
EUVD-2022-35082
Malicious code in bioql PyPI...
EUVD-2024-3257
Malicious code in bioql PyPI...
EUVD-2022-26179
Malicious code in bioql PyPI...
EUVD-2022-42766
Malicious code in bioql PyPI...
EUVD-2023-23542
Malicious code in bioql PyPI...
EUVD-2023-58939
Malicious code in bioql PyPI...
EUVD-2025-24827
Malicious code in bioql PyPI...
EUVD-2024-34521
Malicious code in bioql PyPI...
EUVD-2023-34498
Malicious code in bioql PyPI...
EUVD-2023-24069
Malicious code in bioql PyPI...
EUVD-2025-29241
Malicious code in bioql PyPI...
EUVD-2024-54366
Malicious code in bioql PyPI...
EUVD-2025-13640
Malicious code in bioql PyPI...
EUVD-2026-36541
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...
EUVD-2026-35506
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-30674
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set...
EUVD-2026-30629
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on...
EUVD-2026-29930
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
EUVD-2026-29830
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
EUVD-2026-29637
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
EUVD-2026-29436
A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process...
EUVD-2026-27502
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...
EUVD-2025-208089
A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory...
EUVD-2020-26234
Malware in sbrugna...
EUVD-2019-10560
Malware in sbrugna...
EUVD-2018-7738
Malware in sbrugna...
EUVD-2021-13806
Malware in sbrugna...
EUVD-2021-21511
Malware in sbrugna...
EUVD-2020-5759
Malware in sbrugna...
EUVD-2023-35115
Malicious code in bioql PyPI...
EUVD-2025-30405
Malicious code in bioql PyPI...
EUVD-2025-27990
Malicious code in bioql PyPI...
EUVD-2022-39469
Malicious code in bioql PyPI...
EUVD-2022-45013
Malicious code in bioql PyPI...
EUVD-2025-29700
Malicious code in bioql PyPI...
EUVD-2025-18398
Malicious code in bioql PyPI...