Lucene search
K

162371 matches found

EUVD
EUVD
added 2026/06/09 8:33 p.m.22 views

EUVD-2026-35829

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

8.4CVSS6.2AI score0.00555EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:33 p.m.8 views

CVE-2026-47931 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of...

8.4CVSS6.5AI score0.00555EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:33 p.m.36 views

CVE-2026-47930 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

8.1CVSS0.0039EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:33 p.m.7 views

CVE-2026-47930 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:33 p.m.20 views

CVE-2026-47930

CVE-2026-47930 affects ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an Improper Input Validation vulnerability that allows a low-privileged attacker to bypass security measures and gain unauthorized read and write access, with exploitation not requiring user interaction. The CVSS...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/09 8:31 p.m.13 views

Net::IMAP: Command Injection via ID command argument

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

5.8CVSS5.6AI score0.00131EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/09 8:31 p.m.6 views

GHSA-46Q3-7GV7-QMGG Net::IMAP: Command Injection via ID command argument

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

5.8CVSS5.6AI score0.00131EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 8:17 p.m.12 views

CVE-2026-47909

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

6.3CVSS0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:57 p.m.8 views

EUVD-2025-210087

image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service vulnerability in the findBox function when processing specially crafted images with zero-sized boxes. Remote attackers can cause application hang by supplying malicious JXL, HEIF, or JP2 image files with box size zer...

8.7CVSS5.5AI score0.00625EPSS
Exploits1References2
CVE
CVE
added 2026/06/09 7:24 p.m.18 views

CVE-2026-47909

Dreamweaver Desktop (Windows/macOS) prior to or equal to version 21.7 is affected by an Improper Input Validation vulnerability that can lead to arbitrary file system read. The issue allows access to sensitive files/directories outside the intended scope and requires user interaction: a victim mu...

6.3CVSS5.6AI score0.00148EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 7:24 p.m.39 views

CVE-2026-47909 Dreamweaver Desktop | Improper Input Validation (CWE-20)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

6.3CVSS0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 7:24 p.m.10 views

CVE-2026-47909 Dreamweaver Desktop | Improper Input Validation (CWE-20)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

6.3CVSS5.6AI score0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:24 p.m.13 views

EUVD-2026-35806

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

6.3CVSS5.6AI score0.00148EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 6:36 p.m.5 views

GHSA-C4FP-CXRR-MJ66 Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

2.1CVSS5.7AI score0.00239EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 6:36 p.m.8 views

Collapse of Data into Unsafe Value

Overview Affected versions of this package are vulnerable to Collapse of Data into Unsafe Value incomplete validation of raw string arguments in certain IMAP command parameters such as criteria, searchkeys and attr. An attacker can cause commands to hang or trigger timeouts by supplying specially...

3.1CVSS5.4AI score0.00239EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 6:33 p.m.9 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the QUIC server when address validation is disabled. An attacker can crash the server by sending an initial packet with an invalid or expired token. Address validation is enabled by default, so this is...

8.7CVSS5.3AI score0.00684EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:33 p.m.9 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in OSSLCMPget1rootCaKeyUpdate. An attacker with credentials that satisfy the CMP message protection checks, such as a Registration Authority, can replace the root CA certificate held by affected CMP clien...

6CVSS5.5AI score0.00262EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:31 p.m.9 views

EUVD-2026-35459

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

7.1CVSS5.4AI score0.00216EPSS
Exploits0References32
EUVD
EUVD
added 2026/06/09 6:31 p.m.11 views

EUVD-2026-35466

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain configurations...

8.3CVSS5.7AI score0.0027EPSS
Exploits0References24
EUVD
EUVD
added 2026/06/09 6:31 p.m.9 views

EUVD-2026-35706

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS5.6AI score0.00081EPSS
Exploits0References6
Rows per page
Query Builder