Lucene search
+L

330 matches found

euvd
euvd
added 2026/01/09 12:0 a.m.7 views

EUVD-2026-1722

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format...

5.3CVSS7AI score0.00311EPSS
Exploits0References4
euvd
euvd
added 2026/01/09 12:0 a.m.8 views

EUVD-2026-1713

EDIMAX BR-6208AC V21.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing...

7.7AI score0.24101EPSS
Exploits1References2
euvd
euvd
added 2026/01/08 5:11 p.m.6 views

EUVD-2026-1479

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

5.5CVSS6.2AI score0.00207EPSS
Exploits0References4
euvd
euvd
added 2026/01/08 5:9 p.m.6 views

EUVD-2026-1499

Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fixed in 2.62.4 and 2.62 LTS...

5.5CVSS5.5AI score0.00202EPSS
Exploits0References3
euvd
euvd
added 2026/01/08 3:23 p.m.7 views

EUVD-2026-1509

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...

7CVSS6.4AI score0.00171EPSS
Exploits0References3
euvd
euvd
added 2026/01/08 3:4 p.m.4 views

EUVD-2026-1562

A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31...

5.1CVSS6.5AI score0.00148EPSS
Exploits0References3
euvd
euvd
added 2026/01/08 1:44 p.m.5 views

EUVD-2026-1455

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS6.1AI score0.00389EPSS
Exploits0References8
euvd
euvd
added 2026/01/08 9:17 a.m.7 views

EUVD-2026-1518

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in [email protected] Scroll rss excerpt scroll-rss-excerpt allows Reflected XSS.This issue affects Scroll rss excerpt: from n/a through = 5.0...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
euvd
euvd
added 2026/01/08 9:17 a.m.10 views

EUVD-2026-1538

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through = 4.0.9...

6.1CVSS5.9AI score0.00146EPSS
Exploits0References2
euvd
euvd
added 2026/01/08 9:17 a.m.5 views

EUVD-2026-1521

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famousgridimageandvideogallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Galler...

6.1CVSS5.9AI score0.00228EPSS
Exploits0References2
euvd
euvd
added 2026/01/08 9:17 a.m.5 views

EUVD-2026-1525

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through = 1.5...

6.1CVSS5.9AI score0.0018EPSS
Exploits0References2
euvd
euvd
added 2026/01/08 9:17 a.m.5 views

EUVD-2026-1557

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Stored XSS.This issue affects WP Virtual Assistant: from n/a through = 3.0...

5.4CVSS5.5AI score0.00222EPSS
Exploits0References2
euvd
euvd
added 2026/01/08 9:17 a.m.5 views

EUVD-2026-1558

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through = 2.1.0...

9.8CVSS6.6AI score0.00512EPSS
Exploits0References2
euvd
euvd
added 2026/01/08 9:17 a.m.5 views

EUVD-2026-1537

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in brandexponents Oshine oshin allows PHP Local File Inclusion.This issue affects Oshine: from n/a through = 7.2.7...

9.8CVSS6.6AI score0.00403EPSS
Exploits0References2
euvd
euvd
added 2026/01/08 9:17 a.m.4 views

EUVD-2026-1534

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through = 1.6.6...

9.8CVSS6.6AI score0.00403EPSS
Exploits0References2
euvd
euvd
added 2026/01/08 9:17 a.m.6 views

EUVD-2026-1539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins ListingHub listinghub allows Reflected XSS.This issue affects ListingHub: from n/a through 1.2.6...

6.1CVSS5.9AI score0.00175EPSS
Exploits0References2
euvd
euvd
added 2026/01/08 12:0 a.m.6 views

EUVD-2026-1488

An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updat...

9.8CVSS6AI score0.00085EPSS
Exploits0References3
euvd
euvd
added 2026/01/07 8:26 p.m.5 views

EUVD-2026-1169

OpenLDAP Lightning Memory-Mapped Database LMDB mdbload contains a heap buffer underflow vulnerability in the readline function. When processing malformed input, an unsigned offset calculation can underflow a heap pointer, resulting in an out-of-bounds read of one byte before the allocated heap...

7CVSS6.1AI score0.00127EPSS
Exploits0References6
euvd
euvd
added 2026/01/07 8:2 p.m.5 views

EUVD-2026-1171

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...

7.1CVSS6.5AI score0.00144EPSS
Exploits0References3
euvd
euvd
added 2026/01/07 4:23 p.m.6 views

EUVD-2026-1200

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

5.3CVSS6.3AI score0.00567EPSS
Exploits0References2
Rows per page
Query Builder