Lucene search
K

3276 matches found

EUVD
EUVD
added 4 days ago17 views

EUVD-2026-34067

morgan vulnerable to Log Forging via unneutralized control characters in :remote-user...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56621

Name of the Vulnerable Software and Affected Versions CAXperts UPVWebServices versions 2.4.2212.603 through 2.7.6 UDiTH Portal versions 2026.0.0 through 2026.2.0 Description An authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/06 8:7 p.m.29 views

CVE-2026-55514 vLLM denial of service via prompt embeds on M-RoPE models

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS0.0037EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-1433

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:12 a.m.29 views

CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:12 a.m.16 views

CVE-2026-1433

The CVE-2026-1433 issue affects uniFLOW Universal Login Manager (ULM) Standalone. An information disclosure vulnerability allows an authenticated administrator to access sensitive configuration data via the ULM Remote User Interface (RUI). The exposure can reveal SMTP/LDAP integration configurati...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 8:12 a.m.6 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.19 views

PT-2026-56006

Name of the Vulnerable Software and Affected Versions Amazon mcp-gateway-registry versions prior to 1.0.13 Description The metrics-service retention policy management component fails to properly neutralize special elements. This allows an authenticated remote user to execute arbitrary SQL queries...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 11:16 p.m.7 views

CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

6.5CVSS0.00202EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.49 views

CVE-2026-14133

Technical details are not publicly available in the provided documents. Monitor for updates.

4.3CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/26 11:17 p.m.13 views

CVE-2026-28701

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths...

9.8CVSS0.00702EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 2:46 p.m.10 views

EUVD-2026-37802

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK installpackages...

8.4CVSS5.8AI score0.00302EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.12 views

CVE-2026-5078

A flaw was found in the morgan HTTP request logging middleware. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted Authorization header, breaking...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 4:17 a.m.12 views

CVE-2026-24720

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

6.5CVSS0.0028EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.22 views

PT-2026-48372

Name of the Vulnerable Software and Affected Versions File Station 5 versions prior to 5.5.6.5208 Description A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, potentially overwriting adjacent memory. A remote attacker with a user account can exploit th...

8.7CVSS5.7AI score0.00292EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48369

Name of the Vulnerable Software and Affected Versions File Station versions prior to 5.5.6.5243 Description An issue exists where resources are allocated without limits or throttling. A remote attacker with a user account can exploit this to prevent other systems, applications, or processes from...

6.5CVSS5.3AI score0.0028EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/09 1:2 p.m.13 views

EUVD-2026-35420

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

5.9CVSS5.5AI score0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 11:27 p.m.11 views

CVE-2026-11666

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47492

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, via a crafted HT...

9.6CVSS5.9AI score0.01654EPSS
Exploits4References85
SUSE CVE
SUSE CVE
added 2026/06/07 4:42 a.m.10 views

SUSE CVE-2026-11192

Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. Chromium security severity: Medium...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References2
Rows per page
Query Builder