Lucene search
K
EuvdMost viewed

417898 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2022-3503

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.09146EPSS
Exploits5References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2022-51060

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.004EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2024-44259

Malicious code in bioql PyPI...

4.4CVSS6.5AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2023-32155

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00965EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2025-21758

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00847EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2025-20988

Malicious code in bioql PyPI...

2.7CVSS6.3AI score0.00309EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2022-0453

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01948EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2022-4434

Malicious code in bioql PyPI...

8.1CVSS8AI score0.03711EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2025-16260

Malicious code in bioql PyPI...

5.5CVSS4.1AI score0.00208EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2021-27939

Malicious code in bioql PyPI...

5.5CVSS6.3AI score0.01186EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2022-3554

Malicious code in bioql PyPI...

5.5CVSS6.4AI score0.03949EPSS
Exploits0References23
EUVD
EUVD
added 2020/10/16 10:17 p.m.26 views

EUVD-2020-8887

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

7.8CVSS7.7AI score0.03424EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.25 views

EUVD-2026-35638

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.25 views

EUVD-2026-35698

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...

6.5CVSS5.5AI score0.00622EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 5:5 p.m.25 views

EUVD-2026-35589

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

6.8CVSS5.4AI score0.05011EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:5 p.m.25 views

EUVD-2026-35579

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.00753EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 8:15 a.m.25 views

EUVD-2026-33603

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 4:30 a.m.25 views

EUVD-2026-33557

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handlewebhookrequest of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.4AI score0.00372EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 12:30 a.m.25 views

EUVD-2026-33518

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS5.8AI score0.00248EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/31 1:30 a.m.25 views

EUVD-2026-33479

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument startwizard leads to stack-based buffer overflow. The attack can be launched remotely. T...

9CVSS7.8AI score0.00472EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 2:49 p.m.25 views

EUVD-2026-32538

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 11:54 a.m.25 views

EUVD-2026-31814

IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode BCI is...

6.9CVSS5.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 12:30 a.m.25 views

EUVD-2026-30721

A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. The exploit has...

9CVSS7.7AI score0.00573EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 12:31 a.m.25 views

EUVD-2026-30673

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00126EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 7:12 p.m.25 views

EUVD-2026-30607

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU Time-of-Check-Time-of-Use pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line...

8.1CVSS5.9AI score0.00354EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/15 6:36 p.m.25 views

EUVD-2026-30578

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craft URLs with unescaped quotes to inject event handlers, stealing admin session cookies and achieving...

7.6CVSS5.7AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 4:4 p.m.25 views

EUVD-2026-30559

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

5.5CVSS5.8AI score0.0061EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 12:31 p.m.25 views

EUVD-2026-30537

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed...

10CVSS5.9AI score0.00648EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 1:45 a.m.25 views

EUVD-2025-209861

Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller GPIO could allow an attacker to achieve privilege escalation resulting in arbitrary code execution...

7CVSS6.1AI score0.00106EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 9:14 p.m.25 views

EUVD-2026-30086

vm2 Has a Sandbox Breakout Using Async Generator...

9.8CVSS5.8AI score0.00568EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/14 5:48 p.m.25 views

EUVD-2025-209859

Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....

8.8CVSS5.8AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 1:0 p.m.25 views

EUVD-2026-30290

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

3.7CVSS6.1AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 9:32 p.m.25 views

EUVD-2026-30137

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 9:32 p.m.25 views

EUVD-2026-30113

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7CVSS5.8AI score0.00208EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.25 views

EUVD-2026-30020

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...

5.8AI score0.00114EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/13 6:30 p.m.25 views

EUVD-2026-30024

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhciirq function and causes...

5.8AI score0.00114EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/13 6:30 p.m.25 views

EUVD-2026-29890

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...

7.1CVSS5.8AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 9:26 a.m.25 views

EUVD-2026-29933

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.25 views

EUVD-2025-209808

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

8.4CVSS6AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 a.m.25 views

EUVD-2026-29396

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.25 views

EUVD-2026-28662

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...

5.8AI score0.00121EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 9:31 a.m.25 views

EUVD-2025-209734

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

6.3CVSS6AI score0.01028EPSS
Exploits3References7
EUVD
EUVD
added 2026/05/07 9:31 a.m.25 views

EUVD-2026-28340

A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service...

4.7CVSS5.8AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 4:27 a.m.25 views

EUVD-2026-28323

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1CVSS6.5AI score0.0095EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/06 12:30 p.m.25 views

EUVD-2026-27776

In the Linux kernel, the following vulnerability has been resolved: net: Drop the lock in skbmaytxtimestamp skbmaytxtimestamp may acquire sock::skcallbacklock. The lock must not be taken in IRQ context, only softirq is okay. A few drivers receive the timestamp via a dedicated interrupt and comple...

5.8AI score0.00127EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/05 8:49 p.m.25 views

EUVD-2026-27133

Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback...

6.5CVSS5.8AI score0.00299EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/05 11:25 a.m.25 views

EUVD-2026-27295

OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation,...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 6:31 a.m.25 views

EUVD-2026-27219

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /printpdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

6.5CVSS5.7AI score0.00196EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/05 12:30 a.m.25 views

EUVD-2026-27149

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5CVSS5.9AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/04 12:39 a.m.25 views

EUVD-2026-26862

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References2
Total number of security vulnerabilities5000