EUVD-2025-204614
FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...
EUVD-2025-199922
HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...
EUVD-2025-34454
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
EUVD-2019-7057
Malware in sbrugna...
EUVD-2021-24216
Malware in sbrugna...
EUVD-2020-18370
Malware in sbrugna...
EUVD-2020-17093
Malware in sbrugna...
EUVD-2021-10024
Malware in sbrugna...
EUVD-2015-1953
Malware in sbrugna...
EUVD-2021-2394
Malware in sbrugna...
EUVD-2021-0760
Malware in sbrugna...
EUVD-2020-17931
Malware in sbrugna...
EUVD-2021-1300
Malware in sbrugna...
EUVD-2023-54265
Malicious code in bioql PyPI...
EUVD-2023-43777
Malicious code in bioql PyPI...
EUVD-2025-18420
Malicious code in bioql PyPI...
EUVD-2022-6165
Malicious code in bioql PyPI...
EUVD-2022-51839
Malicious code in bioql PyPI...
EUVD-2022-4918
Malicious code in bioql PyPI...
EUVD-2025-25398
Malicious code in bioql PyPI...
EUVD-2022-52727
Malicious code in bioql PyPI...
EUVD-2025-19743
Malicious code in bioql PyPI...
EUVD-2024-27857
Malicious code in bioql PyPI...
EUVD-2023-2620
Malicious code in bioql PyPI...
EUVD-2025-12590
Malicious code in bioql PyPI...
EUVD-2025-32031
Malicious code in bioql PyPI...
EUVD-2022-1107
Malicious code in bioql PyPI...
EUVD-2025-10887
Malicious code in bioql PyPI...
EUVD-2025-20841
Malicious code in bioql PyPI...
EUVD-2023-43783
Malicious code in bioql PyPI...
EUVD-2022-51842
Malicious code in bioql PyPI...
EUVD-2023-0851
Malicious code in bioql PyPI...
EUVD-2023-1240
Malicious code in bioql PyPI...
EUVD-2025-29711
Malicious code in bioql PyPI...
EUVD-2022-51021
Malicious code in bioql PyPI...
EUVD-2026-35736
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network...
EUVD-2026-31211
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2026-30761
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
EUVD-2026-29456
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection. This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1...
EUVD-2026-29389
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...
EUVD-2026-29011
A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...
EUVD-2026-28764
In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty->link reference in ldisc_open and ser_release. A reproducer triggers a KASAN slab-use-after-free in pty_write_room when caif_serial's TX path calls tty_write_room. The faulting access is on tty->link->port. Hold an...
EUVD-2026-28649
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...
EUVD-2025-209737
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...
EUVD-2026-28421
The "go tool pack" subcommand, usually used only by the compiler as an internal tool with known-good inputs, does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
EUVD-2026-28336
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...
EUVD-2026-26928
A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...
EUVD-2026-25220
Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1...
EUVD-2026-19757
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service...
EUVD-2026-17875
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...