EUVD-2025-29456
Malicious code in bioql PyPI...
EUVD-2023-2055
Malicious code in bioql PyPI...
EUVD-2025-17774
Malicious code in bioql PyPI...
EUVD-2025-27058
Malicious code in bioql PyPI...
EUVD-2024-2335
Malicious code in bioql PyPI...
EUVD-2024-34446
Malicious code in bioql PyPI...
EUVD-2026-39395
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...
EUVD-2026-35794
SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...
EUVD-2026-29849
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...
EUVD-2026-29470
Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...
EUVD-2026-28826
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...
EUVD-2025-209739
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...
EUVD-2026-28453
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-28348
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal...
EUVD-2026-28387
Weblate Vulnerable to Private Translation Enumeration via Screenshot API...
EUVD-2026-26842
A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3...
EUVD-2026-25930
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14) per vendor advisory...
EUVD-2025-175330
Keycloak has debug default bind address...
EUVD-2025-35062
In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix memory leak by freeing untracked persist buffer. One internal buffer which is allocated only once per session was not being freed during session close because it was not being tracked as part of internal buffer li...
EUVD-2021-1139
Malware in sbrugna...
EUVD-2021-21417
Malware in sbrugna...
EUVD-2007-0051
Malware in sbrugna...
EUVD-2021-19451
Malware in sbrugna...
EUVD-2021-20812
Malware in sbrugna...
EUVD-2025-32043
Malicious code in bioql PyPI...
EUVD-2022-50373
Malicious code in bioql PyPI...
EUVD-2022-4110
Malicious code in bioql PyPI...
EUVD-2021-8842
Malicious code in bioql PyPI...
EUVD-2022-51509
Malicious code in bioql PyPI...
EUVD-2025-25046
Malicious code in bioql PyPI...
EUVD-2024-35466
Malicious code in bioql PyPI...
EUVD-2025-20852
Malicious code in bioql PyPI...
EUVD-2025-12492
Malicious code in bioql PyPI...
EUVD-2025-19328
Malicious code in bioql PyPI...
EUVD-2021-11133
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
EUVD-2026-35742
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally...
EUVD-2026-31383
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...
EUVD-2023-35620
Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...
EUVD-2026-30250
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...
EUVD-2026-29669
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally...
EUVD-2026-29671
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...
EUVD-2026-29379
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...
EUVD-2022-55976
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page...
EUVD-2021-34807
Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. Attackers can inject JavaScript payloads through the file name field that execute in the...
EUVD-2026-23678
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...
EUVD-2026-23382
The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wpajaxupdateOptions class-canto.php line 231 an...
EUVD-2021-24251
Malware in sbrugna...
EUVD-2021-2574
Malware in sbrugna...
EUVD-2015-7631
Malware in sbrugna...
EUVD-2023-12553
Malicious code in bioql PyPI...