Lucene search
K

73 matches found

EUVD
EUVD
added 2026/06/29 5:34 a.m.6 views

EUVD-2025-210367

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

3.7CVSS5.8AI score0.00083EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 5:34 a.m.34 views

CVE-2025-0824 lack of validation for firmware update in Hitachi Virtual Storage

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

3.7CVSS0.00083EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:34 a.m.6 views

CVE-2025-0824

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

3.7CVSS5.8AI score0.00083EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:34 a.m.10 views

CVE-2025-0824

CVE-2025-0824 describes a vulnerability in the firmware update process of Hitachi Virtual Storage Platform One Block models 23, 24, 26, and 28 (pre-DKCMAIN A3-04-21-40/00, pre-ESM A3-04-21/00) where input/firmware update validation is insufficient. The underlying issue is lack of validation for f...

3.7CVSS5.8AI score0.00083EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 4:13 a.m.32 views

EUVD-2026-28318

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords e.g., pgreadfile, LOADFILE, dblink is applied on the collections:create and...

7.2CVSS6AI score0.01833EPSS
Exploits1References4
NVD
NVD
added 2026/04/16 3:16 a.m.6 views

CVE-2026-1880

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...

5.4CVSS0.00139EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.10 views

TrueConf Client 安全漏洞

TrueConf Client is a video conferencing and collaboration software client developed by TrueConf Company in Lithuania. There is a security vulnerability in TrueConf Client, which stems from the lack of validation during the download of application update code. This vulnerability could allow...

7.8CVSS6.2AI score0.0575EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-1753

The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as userscanregister...

6.8CVSS5.9AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:0 a.m.6 views

CVE-2026-1753

The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as userscanregister...

5.8AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24584

🚨 CVE-2026-1753 The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as users can register. 🎖@cveNotify...

6.8CVSS5.8AI score0.00197EPSS
Exploits0References5
NVD
NVD
added 2026/02/12 11:15 a.m.5 views

CVE-2025-15575

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

5.3CVSS0.00123EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

EPSON WF-2750 Origin Validation Error (CVE-2018-14903)

EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...

7.5CVSS7.4AI score0.00529EPSS
Exploits1References2
CVE
CVE
added 2026/01/16 8:36 a.m.19 views

CVE-2025-12006

CVE-2025-12006 affects Supermicro BMC firmware on the MBD-X12STW-F board. The vulnerability lies in the firmware validation logic, enabling an attacker to update the system firmware with a specially crafted image. Public sources (NVD/Red Hat/CIRCL) describe the same underlying issue; ARMs to expl...

7.2CVSS6.5AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 4:15 a.m.5 views

CVE-2025-13320

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

6.8CVSS0.00687EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/11/15 8:40 a.m.8 views

CVE-2025-55073

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

5.4CVSS6.9AI score0.00163EPSS
Exploits0References1
OSV
OSV
added 2025/10/23 4:25 p.m.5 views

GO-2025-3985 kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp

kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace in github.com/kcp-dev/kcp...

7AI score
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-2450

Malware in sbrugna...

7.8CVSS8.1AI score0.01007EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-10943

Malware in sbrugna...

9CVSS8.8AI score0.03296EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-31346

Malicious code in bioql PyPI...

6.6AI score
Exploits0References5
OSV
OSV
added 2025/09/26 3:0 p.m.1 views

GHSA-Q6HV-WCJR-WP8H kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace

Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...

2.3CVSS6.9AI score
Exploits0References6
Rows per page
Query Builder