Lucene search
K
EuvdMost viewed

417709 matches found

EUVD
EUVD
•added 2026/05/27 5:31 a.m.•24 views

EUVD-2026-32094

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The ajaxLoginWithNear function — registered as a wpajaxnopriv action and therefore reachable by unauthenticated users — accepts an attacker-supplied account POST parameter...

8.1CVSS5.8AI score0.0039EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/25 7:30 a.m.•24 views

EUVD-2026-31647

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

5.5CVSS5.7AI score0.00324EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/18 12:30 a.m.•24 views

EUVD-2026-30721

A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. The exploit has...

9CVSS7.7AI score0.00573EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/17 12:15 p.m.•24 views

EUVD-2026-30700

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References7
EUVD
EUVD
•added 2026/05/15 3:0 a.m.•24 views

EUVD-2024-19556

An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability...

1.8CVSS5.8AI score0.00095EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/15 2:41 a.m.•24 views

EUVD-2025-209876

Insufficient parameter sanitization in AMD Secure Processor ASP TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDLOADGFXIPFW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception...

4.6CVSS5.8AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/14 9:14 p.m.•24 views

EUVD-2026-30086

vm2 Has a Sandbox Breakout Using Async Generator...

9.8CVSS5.8AI score0.00568EPSS
Exploits1References4
EUVD
EUVD
•added 2026/05/14 8:12 p.m.•24 views

EUVD-2026-30479

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/14 3:13 a.m.•24 views

EUVD-2026-30213

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/14 2:26 a.m.•24 views

EUVD-2026-30214

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafiltersearch' parameter in the getcataddons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined...

6.5CVSS6AI score0.00492EPSS
Exploits0References10
EUVD
EUVD
•added 2026/05/13 1:27 p.m.•24 views

EUVD-2026-29952

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References6
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•24 views

EUVD-2026-29640

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...

8.4CVSS6AI score0.00369EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•24 views

EUVD-2026-29547

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally...

6.7CVSS5.8AI score0.00319EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 12:32 p.m.•24 views

EUVD-2026-29427

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

9.3CVSS5.9AI score0.0037EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 9:31 a.m.•24 views

EUVD-2026-29405

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints gwd-backup.php and gwd-logs.php not verifying authentication when the API key has not been...

4.8CVSS6.5AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/11 12:31 a.m.•24 views

EUVD-2026-29006

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smfnsmfhandlecreatedatainhsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized...

5.3CVSS5.4AI score0.00378EPSS
Exploits1References6
EUVD
EUVD
•added 2026/05/10 3:31 p.m.•24 views

EUVD-2022-55972

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...

6.4CVSS5.7AI score0.00197EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/09 3:19 a.m.•24 views

EUVD-2026-28899

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges...

6.9CVSS5.8AI score0.00293EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 3:31 p.m.•24 views

EUVD-2025-209740

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...

6.5CVSS5.8AI score0.00486EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 12:31 a.m.•24 views

EUVD-2026-28468

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References6
EUVD
EUVD
•added 2026/05/08 12:31 a.m.•24 views

EUVD-2026-28449

Improper neutralization of special elements used in a command 'command injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.01135EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 12:31 a.m.•24 views

EUVD-2026-28451

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

9CVSS6AI score0.00988EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/07 9:30 p.m.•24 views

EUVD-2026-28419

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

5.8AI score0.00813EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/07 9:30 p.m.•24 views

EUVD-2026-28422

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.8AI score0.00179EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/07 6:30 p.m.•24 views

EUVD-2026-28400

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References3
EUVD
EUVD
•added 2026/05/07 4:4 a.m.•24 views

EUVD-2026-28300

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

6.3CVSS5.8AI score0.00393EPSS
Exploits1References3
EUVD
EUVD
•added 2026/05/06 12:30 p.m.•24 views

EUVD-2026-27776

In the Linux kernel, the following vulnerability has been resolved: net: Drop the lock in skbmaytxtimestamp skbmaytxtimestamp may acquire sock::skcallbacklock. The lock must not be taken in IRQ context, only softirq is okay. A few drivers receive the timestamp via a dedicated interrupt and comple...

5.8AI score0.00127EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/05 10:4 p.m.•24 views

EUVD-2026-25871

authd: Primary group ID is incorrectly set to value of UID...

7.3CVSS5.8AI score0.0011EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/05 8:49 p.m.•24 views

EUVD-2026-27133

Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback...

6.5CVSS5.8AI score0.00299EPSS
Exploits1References3
EUVD
EUVD
•added 2026/05/05 11:25 a.m.•24 views

EUVD-2026-27295

OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation,...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/05 11:25 a.m.•24 views

EUVD-2026-27271

OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weak...

8.8CVSS5.9AI score0.00356EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/04 7:15 a.m.•24 views

EUVD-2026-26929

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS5.6AI score0.00241EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/04 12:39 a.m.•24 views

EUVD-2026-26862

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/03 10:0 p.m.•24 views

EUVD-2026-26843

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/02 5:29 a.m.•24 views

EUVD-2026-26744

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...

7.2CVSS6AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
•added 2026/04/24 7:14 p.m.•24 views

EUVD-2026-25615

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...

5.4CVSS5.3AI score0.00106EPSS
Exploits1References1
EUVD
EUVD
•added 2026/04/21 9:31 p.m.•24 views

EUVD-2026-24352

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

6.6CVSS5.7AI score0.00218EPSS
Exploits0References2
EUVD
EUVD
•added 2026/04/15 9:30 p.m.•24 views

EUVD-2026-23032

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References3
EUVD
EUVD
•added 2026/03/12 5:57 p.m.•24 views

EUVD-2026-11649

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

5.3CVSS5.9AI score0.002EPSS
Exploits1References1
EUVD
EUVD
•added 2026/01/09 12:0 a.m.•24 views

EUVD-2026-1717

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluidsynthmonopoly.c, that can be triggered when loading an invalid midi file...

6.3AI score0.00414EPSS
Exploits1References3
EUVD
EUVD
•added 2025/11/26 5:54 p.m.•24 views

EUVD-2025-199737

Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device...

7.6CVSS6.7AI score0.00403EPSS
Exploits0References4
EUVD
EUVD
•added 2025/10/16 9:22 a.m.•24 views

EUVD-2025-34743

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...

9.2CVSS6.3AI score0.00403EPSS
Exploits0References2
EUVD
EUVD
•added 2025/10/14 6:0 p.m.•24 views

EUVD-2025-34251

Argo Workflow has a Zipslip Vulnerability...

8.1CVSS6.3AI score0.00539EPSS
Exploits1References5
EUVD
EUVD
•added 2025/10/08 12:2 a.m.•24 views

EUVD-2025-31856

A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mitssidindex leads to stack-based buffer overflow. The attack may be...

10CVSS9.6AI score0.06192EPSS
Exploits1References7
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•24 views

EUVD-2007-3197

Malware in sbrugna...

5CVSS7.3AI score0.02075EPSS
Exploits0References8
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•24 views

EUVD-2021-1436

Malware in sbrugna...

9.8CVSS9.4AI score0.04025EPSS
Exploits1References5
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•24 views

EUVD-2008-2625

Malware in sbrugna...

7.5CVSS6.4AI score0.01019EPSS
Exploits0References5
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•25 views

EUVD-2021-0412

Malware in sbrugna...

5.5CVSS5AI score0.00173EPSS
Exploits0References13
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•24 views

EUVD-2014-0085

Malware in sbrugna...

9.3CVSS6.2AI score0.01557EPSS
Exploits1References10
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•24 views

EUVD-2021-11352

Malware in sbrugna...

4.8CVSS5AI score0.00617EPSS
Exploits2References2
Total number of security vulnerabilities5000