Lucene search
K

48862 matches found

EUVD
EUVD
added 1 hour ago4 views

EUVD-2025-210459

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...

2CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 10 hours ago7 views

EUVD-2026-43578

A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A hig...

3.1CVSS5.5AI score
Exploits0References8
EUVD
EUVD
added 11 hours ago6 views

EUVD-2026-43594

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-43593

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago7 views

EUVD-2026-43592

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago6 views

EUVD-2026-43585

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS6.1AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added yesterday14 views

The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.

The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...

5CVSS5.8AI score
Exploits0Affected Software1
CVE
CVE
added yesterday9 views

CVE-2026-15605

The vulnerability CVE-2026-15605 affects wandb 0.25.2.dev1, specifically the ArtifactManifestEntry.download path in wandb/sdk/lib/hashutil.py under Artifact Integrity Validation. The issue is described as the use of a weak hash due to manipulating the ArtifactManifestEntry.download, with the atta...

3.1CVSS5.5AI score
Exploits0References7
Nuclei
Nuclei
added yesterday104 views

Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection

Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-42071 info: name: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection author: gy741 severity: critical description: Visual...

10CVSS7.2AI score0.69882EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-14686

A flaw was found in HdrHistogram. This vulnerability affects the DoubleHistogram.recordValue function, which is part of the Range Check component. A local attacker can exploit this flaw by performing a specific manipulation, leading to an incorrect comparison of values. This issue primarily impac...

4.8CVSS6AI score0.0024EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-61858

A flaw was found in ImageMagick. This vulnerability allows attackers to bypass configured policy restrictions through the APNG Animated Portable Network Graphics encoding process. By exploiting missing validation checks in the APNG encoder and external delegates, an attacker can write files to...

5.3CVSS6AI score0.00133EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-52761

A flaw was found in ModSecurity, an open-source web application firewall WAF. The t:utf8toUnicode transformation function, responsible for converting UTF-8 encoded characters to Unicode, generates incorrect output on i386 architectures. This vulnerability allows an attacker to bypass WAF rules,...

5.8CVSS6AI score0.00438EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in type-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d064750b4e3821d296d538ea749483e3f9cd54299645fc1c895e5c1af3639b5d The package presents itself as pino typosquat; README mirrors pino. The main entry index.js exports a middleware factory that, on invocation, spawns...

6.5AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago3 views

form-data: form-data: Form field override via CRLF injection

A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return CR, line feed LF, or double-quote " characters into the field argument of FormDataappend or the filename option. This allows th...

8.7CVSS6.1AI score0.00409EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 5 days ago4 views

netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder

A flaw was found in Netty, an asynchronous, event-driven network application framework. The Netty Redis codec encoder RedisEncoder does not properly validate or sanitize user-controlled string content for CRLF Carriage Return Line Feed characters. A remote attacker, by controlling the content of ...

7.1CVSS6.7AI score0.00198EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 5 days ago7 views

netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement

A flaw was found in Netty. Netty's DNS Domain Name System codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the...

9.1CVSS6.9AI score0.00969EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10CVSS5.9AI score0.00292EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago4 views

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

9.1CVSS6.8AI score0.0075EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 5 days ago5 views

LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents

A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...

7.8CVSS7AI score0.00078EPSS
Exploits0References5
Snyk
Snyk
added 6 days ago4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00364EPSS
Exploits0References2
Rows per page
Query Builder