417493 matches found
EUVD-2022-1260
Malicious code in bioql PyPI...
EUVD-2025-29711
Malicious code in bioql PyPI...
EUVD-2025-14881
Malicious code in bioql PyPI...
EUVD-2026-32212
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...
EUVD-2026-31211
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2026-30206
Web::Passwd versions through 0.03 for Perl are vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...
EUVD-2026-29008
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...
EUVD-2022-55975
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...
EUVD-2026-28336
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...
EUVD-2026-28319
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the getcurrentletterdocs and docssortbyletter AJAX actions in all versions up to, and including, 3.7.0. This is due to the limit POST parameter being interpolated directly into a SQL query string before being passed to...
EUVD-2026-27382
An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ('*'). This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...
EUVD-2026-26491
Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...
EUVD-2026-25220
Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1...
EUVD-2026-20896
OPNsense is a FreeBSD-based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldapescape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...
EUVD-2025-206132
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
EUVD-2021-21066
Malware in sbrugna...
EUVD-2020-1192
Malware in sbrugna...
EUVD-2020-0051
Malware in sbrugna...
EUVD-2021-0669
Malware in sbrugna...
EUVD-2021-1300
Malware in sbrugna...
EUVD-2008-5420
Malware in sbrugna...
EUVD-2021-22257
Malware in sbrugna...
EUVD-2025-17352
Malicious code in bioql PyPI...
EUVD-2025-22763
Malicious code in bioql PyPI...
EUVD-2023-32094
Malicious code in bioql PyPI...
EUVD-2024-20887
Malicious code in bioql PyPI...
EUVD-2023-34343
Malicious code in bioql PyPI...
EUVD-2024-54655
Malicious code in bioql PyPI...
EUVD-2023-0497
Malicious code in bioql PyPI...
EUVD-2025-27227
Malicious code in bioql PyPI...
EUVD-2023-31858
Malicious code in bioql PyPI...
EUVD-2025-24026
Malicious code in bioql PyPI...
EUVD-2025-25404
Malicious code in bioql PyPI...
EUVD-2024-17507
Malicious code in bioql PyPI...
EUVD-2024-34707
Malicious code in bioql PyPI...
EUVD-2023-45177
Malicious code in bioql PyPI...
EUVD-2023-43777
Malicious code in bioql PyPI...
EUVD-2024-0448
Malicious code in bioql PyPI...
EUVD-2025-30647
Malicious code in bioql PyPI...
EUVD-2022-2658
Malicious code in bioql PyPI...
EUVD-2021-27530
Malicious code in bioql PyPI...
EUVD-2022-6354
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...
EUVD-2026-35301
The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled tpf POST parameter before it is used in an include path in the recoverexit function...
EUVD-2026-30803
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval Injection...
EUVD-2026-30712
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
EUVD-2026-30534
Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability...
EUVD-2026-29685
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...
EUVD-2026-29587
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...
EUVD-2026-29604
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
EUVD-2026-29444
The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...