Lucene search
K
EuvdMost viewed

417703 matches found

EUVD
EUVD
added 2026/06/02 4:14 p.m.15 views

EUVD-2026-33979

Dell ThinOS 10, versions prior to ThinOS10 260210.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation...

7.8CVSS5.8AI score0.001EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 3:30 p.m.15 views

EUVD-2026-33962

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 2:37 p.m.15 views

EUVD-2026-33946

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...

7.8CVSS5.7AI score0.00115EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:41 p.m.15 views

EUVD-2026-33916

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 10:46 a.m.15 views

EUVD-2026-33912

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 9:53 a.m.15 views

EUVD-2025-210036

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 7:48 a.m.15 views

EUVD-2026-33893

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS6AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/02 3:28 a.m.15 views

EUVD-2026-33881

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...

9.8CVSS5.9AI score0.0126EPSS
Exploits4References8
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33852

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33843

Memory Corruption when processing display command line information due to improper initialization of a variable...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33848

Memory corruption while processing fastboot commands with improperly formatted input...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2025-210024

Memory corruption in diagnostic services due to absence of input validation...

6.7CVSS5.8AI score0.00079EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33815

In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00064EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33811

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33803

In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00073EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33818

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33813

In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00073EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33801

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33796

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6AI score0.00265EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33772

In multiple functions of ubsanthrowingruntime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33785

In updateState of GraphicsDriverEnableAngleAsSystemDriverController.java, there is a possible persistent dos issue due to an unusual root cause. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33780

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS5.9AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2025-210011

In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00072EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33770

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:0 a.m.15 views

EUVD-2026-33854

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/01 7:26 p.m.15 views

EUVD-2026-33755

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.8AI score0.00379EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 7:15 p.m.15 views

EUVD-2026-33754

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 6:53 p.m.15 views

EUVD-2026-33750

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 6:45 p.m.15 views

EUVD-2026-33747

A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/01 6:11 p.m.15 views

EUVD-2026-33742

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 5:23 p.m.15 views

EUVD-2026-33724

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 5:11 p.m.15 views

EUVD-2026-33719

Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the tables app to perform a limited SQL injection in the ORDER BY statement of a query. Compared to...

7.1CVSS5.8AI score0.00301EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 5:5 p.m.15 views

EUVD-2026-33715

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries,...

8.2CVSS6AI score0.00318EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 5:0 p.m.15 views

EUVD-2026-33713

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

5.3CVSS5.7AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:25 p.m.15 views

EUVD-2026-33669

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

7.8CVSS5.8AI score0.00161EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:22 p.m.15 views

EUVD-2026-33668

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References8
EUVD
EUVD
added 2026/06/01 3:30 p.m.15 views

EUVD-2026-33693

A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpddebug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public...

9CVSS7.7AI score0.00687EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/01 2:39 p.m.15 views

EUVD-2026-33650

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS5.8AI score0.005EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/01 1:15 p.m.15 views

EUVD-2026-33640

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/01 1:15 p.m.15 views

EUVD-2026-33639

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 12:30 p.m.15 views

EUVD-2026-33636

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 11:14 a.m.15 views

EUVD-2026-33627

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...

4.3CVSS5.9AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 9:37 a.m.15 views

EUVD-2026-33619

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

6.4CVSS5.8AI score0.00065EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 7:55 a.m.15 views

EUVD-2026-33597

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

5.8AI score0.00625EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:50 a.m.15 views

EUVD-2026-33590

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

7.5CVSS5.8AI score0.00586EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:49 a.m.15 views

EUVD-2026-33589

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.8AI score0.00421EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:45 a.m.15 views

EUVD-2026-33582

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

5.8CVSS5.6AI score0.00262EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 7:17 a.m.15 views

EUVD-2026-33572

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

8.5CVSS7.1AI score0.00097EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 6:15 a.m.15 views

EUVD-2026-33564

A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extractanimvalue of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be...

5.3CVSS6.2AI score0.00124EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/01 5:0 a.m.15 views

EUVD-2026-33559

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References6
Total number of security vulnerabilities5000