Lucene search
K

134 matches found

EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38801

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS6.8AI score0.00862EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/19 5:42 p.m.6 views

EUVD-2019-20196

Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to comeasyshop, task set to...

6.9CVSS6AI score0.00426EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 10:17 p.m.9 views

MAL-2026-5931 Malicious code in mci-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ae26c09350fdf9fb630e382c71dd730583ba1822122d232cde49a259597264f On npm install, mci-sdk runs the postinstall hook node./src/exec.js, which imports mci from src/core/index.js and invokes it at module top level. The...

6.6AI score
Exploits0References7
Redos
Redos
added 2026/06/11 12:0 a.m.9 views

ROS-20260611-73-0003

The vulnerability of the RDP client FreeRDP is related to the escape of operations beyond the buffer in memory, due to incorrect encoding based on the Base64 standard. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

9.1CVSS5.8AI score0.00599EPSS
Exploits1
OSV
OSV
added 2026/06/08 10:17 a.m.6 views

SUSE-SU-2026:2298-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970...

6CVSS5.5AI score0.00188EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.40 views

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 2:30 a.m.28 views

CVE-2026-10581

CVE-2026-10581 affects DedeCMS 5.7.88. The vulnerability lies in the function base64_decode in /plus/download.php?open=1, where manipulation of the Link argument triggers a server-side request forgery (SSRF). Remote exploitation is possible, and the exploit has been published. The available docum...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 9:16 a.m.19 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10CVSS0.00332EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 8:24 a.m.13 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10CVSS5.8AI score0.00332EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 8:24 a.m.41 views

CVE-2026-49197 Predator Connect W6x: Improper Authentication

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10CVSS0.00332EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 3:7 p.m.12 views

Malicious code in web-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd19476eeb1c31707abe6fac6f52dbd1950a0dc25f4854ea5269d6400f8ea37 web-dotenv impersonates the widely-used dotenv package: its package.json copies dotenv's repository git://github.com/motdotla/dotenv.git and homepage...

5.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.10 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021480)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021480 advisory. A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the...

4.2CVSS5.8AI score0.00304EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.8 views

CVE-2020-37235

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

6.4CVSS5.9AI score0.00243EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/12 3:31 p.m.11 views

EUVD-2026-29468

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/12 2:17 p.m.14 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 1:28 p.m.33 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the possibility for attackers to use specially crafted Base64-encoded exchanges to forge SCRAM TL...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/05/06 12:10 p.m.10 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969...

9.1CVSS6.7AI score0.00621EPSS
Exploits1References40
NVD
NVD
added 2026/04/29 9:16 a.m.6 views

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

7.1CVSS0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 8:30 a.m.8 views

EUVD-2026-26203

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

7.1CVSS5.2AI score0.00226EPSS
Exploits0References1
Rows per page
Query Builder