119 matches found
EUVD-2026-3030
EUVD-2026-3030...
h3 v1 has Request Smuggling (TE.TE) issue
I was digging into h3 v1 specifically v1.15.4 and found a critical HTTP Request Smuggling vulnerability. Basically, readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this header should be case-insensitive. The...
EUVD-2026-2054
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
EUVD-2026-2325
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices getmeterlevelsfromurb parses the 64-byte meter packets sent by the device and fills the per-channel arrays meterlevel, complevel and masterlevel in struct...
EUVD-2026-2362
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a...
EUVD-2026-1703
GestSup versions up to and including 3.2.56 contain a pre-authentication stored cross-site scripting XSS vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value for example, to /api/v1/ticket.php, an unauthenticated attacker can cause...
EUVD-2026-1710
GestSup versions up to and including 3.2.56 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful...
EUVD-2026-1773
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...
EUVD-2026-1448
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39...
EUVD-2026-1245
EUVD-2026-1245...
CVE-1999-0239
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET...
EUVD-2026-0994
Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.4...
EUVD-2026-1000
An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...
EUVD-2026-0159
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0330
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0467
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0473
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0532
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0607
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0666
A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling 3.13.1 and later...