Lucene search
+L

969 matches found

EUVD
EUVD
added 2026/03/26 5:0 p.m.9 views

EUVD-2026-16271

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...

5.4CVSS6AI score0.0026EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.11 views

PT-2026-28600

Name of the Vulnerable Software and Affected Versions Stirling-PDF versions prior to 2.8.0 Description Stirling-PDF is a locally hosted web application designed for PDF file operations. The /api/v1/convert/eml/pdf API endpoint, when used with the downloadHtml=true parameter, returns unsanitized...

6.1CVSS6.1AI score0.0026EPSS
Exploits1References8
CVE
CVE
added 2026/03/25 11:46 p.m.12 views

CVE-2026-34053

OpenEMR prior to version 8.0.0.3 has a missing authorization issue in the AJAX deletion endpoint at interface/forms/procedure_order/handle_deletions.php. This allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens for any patient. Versio...

8.1CVSS5.8AI score0.00415EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:41 p.m.5 views

CVE-2026-33934

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...

4.3CVSS6AI score0.00235EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:31 p.m.5 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS5.8AI score0.00445EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/25 10:41 p.m.7 views

EUVD-2026-16016

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...

7.2CVSS5.8AI score0.00427EPSS
Exploits2References3
EUVD
EUVD
added 2026/03/25 6:31 p.m.7 views

EUVD-2026-15565

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through 2.8.0...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 6:6 p.m.23 views

CVE-2026-33720

n8n (open source workflow automation) has a vulnerability in pre-2.8.0 where setting N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true causes the OAuth callback to skip ownership verification of the OAuth state. An attacker can trick a victim into completing an OAuth flow for a credential the attacker control...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/24 12:30 a.m.4 views

EUVD-2025-208954

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...

9.3CVSS5.8AI score0.00405EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/23 7:15 p.m.29 views

CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...

8.6CVSS0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/20 8:27 a.m.6 views

EUVD-2026-13641

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

4.3CVSS6.1AI score0.00621EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 5:2 a.m.14 views

CVE-2026-33025

AVideo versions before 8.0 are affected by a SQL injection in getSqlFromPost() in Object.php, where $_POST['sort'] keys are used directly as ORDER BY identifiers. Although real_escape_string() is applied, it only escapes string-context chars and does not protect SQL identifiers. The issue is fixe...

8.8CVSS5.9AI score0.00398EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 5:2 a.m.25 views

CVE-2026-33025 AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $POST'sort' array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although realescapestring was applied, it only escapes...

8.6CVSS0.00398EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/20 4:58 a.m.27 views

CVE-2026-33024 AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability CWE-918 in the public thumbnail endpoints getImage.php and getImageMP4.php. Both endpoints accept a base64Url GET parameter, base64-decode it, and pass the resulting URL to ffmpeg as an...

9.3CVSS0.00438EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/18 8:30 p.m.2 views

CVE-2026-25745

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the message/note update endpoint e.g. PUT or POST updates by message/note ID only and does not verify that the message belongs to the current patient or...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/03/18 4:41 a.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. OpenEMR versions 8.0.0 and earlier have security...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-69693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 9:34 p.m.7 views

EUVD-2025-208761

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower bound qp 0 but is missing upper bound validation. The qp value can reach 65 base value 63 from 6-bit frame header + offset +2 from...

5.4CVSS5.8AI score0.00266EPSS
Exploits0References4
OSV
OSV
added 2026/03/16 8:16 p.m.11 views

UBUNTU-CVE-2025-69693

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower bound qp 0 but is missing upper bound validation. The qp value can reach 65 base value 63 from 6-bit frame header + offset +2 from...

5.4CVSS5.8AI score0.00266EPSS
Exploits0References2
Rows per page
Query Builder