417732 matches found
EUVD-2026-28764
In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty-link reference in ldiscopen and serrelease A reproducer triggers a KASAN slab-use-after-free in ptywriteroom when caifserial's TX path calls ttywriteroom. The faulting access is on tty-link-port. Hold an...
EUVD-2025-209737
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...
EUVD-2026-28421
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
EUVD-2026-28321
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...
EUVD-2026-26928
A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...
EUVD-2026-25220
Improper Control of Generation of Code 'Code Injection' vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1...
EUVD-2026-17875
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...
EUVD-2026-10500
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...
EUVD-2021-0108
Malware in sbrugna...
EUVD-1999-0017
Malware in sbrugna...
EUVD-2021-16590
Malware in sbrugna...
EUVD-2021-2105
Malware in sbrugna...
EUVD-2021-12559
Malware in sbrugna...
EUVD-2020-28687
Malware in sbrugna...
EUVD-2019-0248
Malware in sbrugna...
EUVD-2025-27086
Malicious code in bioql PyPI...
EUVD-2023-33891
Malicious code in bioql PyPI...
EUVD-2023-34410
Malicious code in bioql PyPI...
EUVD-2024-34707
Malicious code in bioql PyPI...
EUVD-2023-34343
Malicious code in bioql PyPI...
EUVD-2025-6218
Malicious code in bioql PyPI...
EUVD-2025-24647
Malicious code in bioql PyPI...
EUVD-2025-24180
Malicious code in bioql PyPI...
EUVD-2025-30242
Malicious code in bioql PyPI...
EUVD-2024-17507
Malicious code in bioql PyPI...
EUVD-2025-29497
Malicious code in bioql PyPI...
EUVD-2024-1212
Malicious code in bioql PyPI...
EUVD-2024-27118
Malicious code in bioql PyPI...
EUVD-2025-25404
Malicious code in bioql PyPI...
EUVD-2022-1260
Malicious code in bioql PyPI...
EUVD-2023-29394
Malicious code in bioql PyPI...
EUVD-2025-24026
Malicious code in bioql PyPI...
EUVD-2021-27595
Malicious code in bioql PyPI...
EUVD-2026-35301
The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled tpf POST parameter before it is used in an include path in the recoverexit function...
EUVD-2026-32212
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...
EUVD-2026-30611
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...
EUVD-2026-30343
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-30206
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...
EUVD-2026-29013
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The explo...
EUVD-2026-29008
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...
EUVD-2022-55975
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...
EUVD-2025-209709
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual...
EUVD-2026-28319
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the getcurrentletterdocs and docssortbyletter AJAX actions in all versions up to, and including, 3.7.0. This is due to the limit POST parameter being interpolated directly into a SQL query string before being passed to...
EUVD-2026-28318
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords e.g., pgreadfile, LOADFILE, dblink is applied on the collections:create and...
EUVD-2026-27382
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...
EUVD-2026-26491
Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...
EUVD-2026-25595
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...
EUVD-2025-206132
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
EUVD-2021-21066
Malware in sbrugna...
EUVD-2020-26572
Malware in sbrugna...