Lucene search
+L

142 matches found

euvd
euvd
added 2026/01/14 11:34 a.m.7 views

EUVD-2026-2520

A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings.This issue affects TLP: from 1.9 before 1.9.1...

5.1CVSS6.1AI score0.00203EPSS
Exploits0References3
euvd
euvd
added 2026/01/14 12:31 a.m.4 views

EUVD-2026-2618

EUVD-2026-2618...

7.2CVSS6.4AI score0.00247EPSS
Exploits0References5
euvd
euvd
added 2026/01/14 12:31 a.m.3 views

EUVD-2026-2646

EUVD-2026-2646...

9.8CVSS6.4AI score0.00831EPSS
Exploits1References4
euvd
euvd
added 2026/01/13 5:56 p.m.6 views

EUVD-2026-2122

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SMB Server allows an authorized attacker to elevate privileges over a network...

7.5CVSS6.5AI score0.01154EPSS
Exploits0References2
euvd
euvd
added 2026/01/13 5:56 p.m.4 views

EUVD-2026-2137

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...

7.8CVSS6.6AI score0.00475EPSS
Exploits0References2
euvd
euvd
added 2026/01/13 3:34 p.m.4 views

EUVD-2026-2213

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xeoaaddconfigioctl In xeoaaddconfigioctl, we accessed oaconfig-id after dropping metricslock. Since this lock protects the lifetime of oaconfig, an attacker could guess the id and call...

5.6AI score0.00115EPSS
Exploits0References4
euvd
euvd
added 2026/01/13 3:34 p.m.5 views

EUVD-2026-2214

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...

5.8AI score0.00114EPSS
Exploits0References6
euvd
euvd
added 2026/01/13 3:34 p.m.3 views

EUVD-2026-2249

In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG in pskbexpandhead as part of calipsoskbuffsetattr There exists a kernel oops caused by a BUGONnhead INTMAX i.e. intskbheadroomskb + lendelta skbheadroomskb is meant to ensure that delta = headroom - skbheadroomskb is...

6AI score0.00114EPSS
Exploits0References6
euvd
euvd
added 2026/01/13 3:28 p.m.3 views

EUVD-2026-2301

In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow When size equals the current isize including 0, the code used to call checklockrangefilp, isize, size - 1, WRITE, which computes size - 1 and can underflow for...

6.2AI score0.00168EPSS
Exploits0References6
euvd
euvd
added 2026/01/13 1:30 p.m.2 views

EUVD-2026-2342

Information disclosure in the Networking component. This vulnerability affects Firefox 147 and Firefox ESR 140.7...

5.3CVSS5.5AI score0.00411EPSS
Exploits0References6
euvd
euvd
added 2026/01/13 6:0 a.m.7 views

EUVD-2026-2356

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...

9.8CVSS6.2AI score0.00274EPSS
Exploits0References3
euvd
euvd
added 2026/01/09 10:4 a.m.4 views

EUVD-2026-1763

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection...

3.5CVSS6.1AI score0.00226EPSS
Exploits0References5
euvd
euvd
added 2026/01/08 5:13 p.m.8 views

EUVD-2026-1485

OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...

8.7CVSS6.3AI score0.00324EPSS
Exploits0References3
euvd
euvd
added 2026/01/08 1:44 p.m.5 views

EUVD-2026-1455

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS6.1AI score0.00389EPSS
Exploits0References8
euvd
euvd
added 2026/01/07 12:31 p.m.4 views

EUVD-2026-1234

Not used...

6.4AI score
Exploits0References1
euvd
euvd
added 2026/01/07 12:31 p.m.6 views

EUVD-2026-1259

EUVD-2026-1259...

5.5CVSS6.4AI score0.00069EPSS
Exploits2References2
euvd
euvd
added 2026/01/07 11:52 a.m.3 views

EUVD-2026-1253

Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.8.1.1...

4.3CVSS6.5AI score0.00162EPSS
Exploits0References2
euvd
euvd
added 2026/01/07 9:21 a.m.4 views

EUVD-2026-1321

The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS4.7AI score0.00181EPSS
Exploits0References4
euvd
euvd
added 2026/01/07 8:21 a.m.9 views

EUVD-2026-1349

The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the updateitempermissionscheck method, which only verifies that the current user has the editposts capability...

4.3CVSS5.2AI score0.00289EPSS
Exploits1References4
euvd
euvd
added 2026/01/07 1:4 a.m.4 views

EUVD-2026-1301

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1802.11 modules allows an adjacent attacker to cause a denial-of-service DoS by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914...

7.1CVSS6.3AI score0.00209EPSS
Exploits0References5
Rows per page
Query Builder