417791 matches found
EUVD-2025-5967
Malicious code in bioql PyPI...
EUVD-2022-30526
Malicious code in bioql PyPI...
EUVD-2023-1541
Malicious code in bioql PyPI...
EUVD-2022-42350
Malicious code in bioql PyPI...
EUVD-2023-1261
Malicious code in bioql PyPI...
EUVD-2023-36820
Malicious code in bioql PyPI...
EUVD-2025-10561
Malicious code in bioql PyPI...
EUVD-2022-41825
Malicious code in bioql PyPI...
EUVD-2023-33897
Malicious code in bioql PyPI...
EUVD-2022-39342
Malicious code in bioql PyPI...
EUVD-2025-22121
Malicious code in bioql PyPI...
EUVD-2023-36843
Malicious code in bioql PyPI...
EUVD-2022-2416
Malicious code in bioql PyPI...
EUVD-2023-44181
Malicious code in bioql PyPI...
EUVD-2023-41450
Malicious code in bioql PyPI...
EUVD-2025-29521
Malicious code in bioql PyPI...
EUVD-2025-23827
Malicious code in bioql PyPI...
EUVD-2023-54061
Malicious code in bioql PyPI...
EUVD-2025-21408
Malicious code in bioql PyPI...
EUVD-2025-28770
Malicious code in bioql PyPI...
EUVD-2022-7694
Malicious code in bioql PyPI...
EUVD-2024-23467
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability...
EUVD-2022-33126
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
EUVD-2026-38434
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...
EUVD-2026-0815
ComfyUI-Manager has an Unprotected Alternate Channel CWE-420...
EUVD-2026-37188
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-36804
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...
EUVD-2026-35391
TYPO3 CMS has Broken Access Control in its Form Framework...
EUVD-2026-35862
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
EUVD-2026-35677
Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network...
EUVD-2026-35654
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network...
EUVD-2026-35648
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2026-34992
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...
EUVD-2026-34968
A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...
EUVD-2026-33406
Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tables...
EUVD-2026-34192
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...
EUVD-2026-34188
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
EUVD-2026-34185
A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function datahash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...
EUVD-2026-34115
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistentramsaveold persistentramsaveold can be called multiple times for the same persistentramzone e.g., via ramoopspstoreread - ramoopsgetnextprz for PSTORETYPEDMESG records. Currently, the...
EUVD-2025-210051
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
EUVD-2025-210049
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0...
EUVD-2025-210054
A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...
EUVD-2025-210053
A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...
EUVD-2025-210038
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12...
EUVD-2026-33828
A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
EUVD-2025-210019
Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer...
EUVD-2026-33793
In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-33757
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
EUVD-2026-33734
OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...
EUVD-2026-33714
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...