Lucene search
K
EuvdMost viewed

417642 matches found

EUVD
EUVD
added 2026/06/09 8:33 p.m.23 views

EUVD-2026-35829

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

8.4CVSS6.2AI score0.00555EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 4:28 a.m.23 views

EUVD-2026-34962

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS5.8AI score0.00325EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/01 8:2 a.m.23 views

EUVD-2026-33602

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

9.8CVSS5.8AI score0.00529EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 3:52 p.m.23 views

EUVD-2026-32935

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

6.8CVSS5.8AI score0.00128EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 9:36 a.m.23 views

EUVD-2026-32821

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix nodecnt race between extent node destroy and writeback f2fsdestroyextentnode does not set FINOEXTENT before clearing extent nodes. When called from f2fsdropinode with ISYNC set, concurrent kworker writeback can insert n...

5.8AI score0.00093EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 3:39 p.m.23 views

EUVD-2026-32570

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/upNodeRef handler unconditionally dereferences upNode.UPF after the type-guarded...

8.2CVSS5.8AI score0.00324EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/27 2:57 p.m.23 views

EUVD-2026-32544

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 8:43 a.m.23 views

EUVD-2025-209962

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 11:54 a.m.23 views

EUVD-2026-31814

IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode BCI is...

6.9CVSS5.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/24 11:15 a.m.23 views

EUVD-2026-31588

A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument regDomain/ABandregDomain/nic0Addr/nic1Addr/wlanAddr/inicAddr results in command injection. It is...

6.5CVSS6.4AI score0.01171EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/20 12:31 a.m.23 views

EUVD-2026-30988

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

5.8AI score0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/17 10:45 a.m.23 views

EUVD-2026-30694

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

6.9CVSS5.8AI score0.00497EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 9:0 a.m.23 views

EUVD-2026-30691

A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ranuefindbyamfuengapid of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been made public...

6.5CVSS6.1AI score0.00224EPSS
Exploits1References7
EUVD
EUVD
added 2026/05/17 7:30 a.m.23 views

EUVD-2026-30688

A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the...

6.9CVSS6.1AI score0.00331EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 4:15 a.m.23 views

EUVD-2026-30680

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogssbiclientadd in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument clientpool leads to denial of service. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS5.4AI score0.0038EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/17 12:45 a.m.23 views

EUVD-2026-30676

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has be...

7.5CVSS6.7AI score0.00309EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 12:31 p.m.23 views

EUVD-2026-30538

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

9.2CVSS5.8AI score0.00497EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 3:6 a.m.23 views

EUVD-2025-209882

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation...

7.3CVSS5.8AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 2:6 a.m.23 views

EUVD-2026-30498

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the metasploitPostgreSQL service the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directo...

9.3CVSS5.9AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 1:47 a.m.23 views

EUVD-2025-209862

Improper Input validation in the AMD Secure Processor ASP PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service...

6.9CVSS6AI score0.00112EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 9:14 p.m.23 views

EUVD-2026-30086

vm2 Has a Sandbox Breakout Using Async Generator...

9.8CVSS5.8AI score0.00568EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/13 6:30 p.m.24 views

EUVD-2026-30016

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could lead to dereferencing error pointers in rt5682clkenable. Fix this by:...

5.7AI score0.00114EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/13 6:30 p.m.23 views

EUVD-2026-30040

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device...

8.8CVSS6.1AI score0.00445EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 6:30 p.m.23 views

EUVD-2026-30014

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper to use in rt1011recvspkmodeput to retrieve the DAPM context is sndsoccomponenttodapm, from kcontrol we will receive NULL pointer...

5.8AI score0.001EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 7:44 a.m.23 views

EUVD-2026-29916

The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-slick' attribute in all versions up to, and including, 24.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00188EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/13 5:29 a.m.23 views

EUVD-2025-209822

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/12 6:30 p.m.23 views

EUVD-2026-29593

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.23 views

EUVD-2026-29599

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally...

7CVSS5.8AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.23 views

EUVD-2026-29569

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network...

7.5CVSS6.1AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 3:31 p.m.23 views

EUVD-2026-29466

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3...

5.8AI score0.00298EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 9:31 a.m.23 views

EUVD-2026-29414

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the editposhidden parameter in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6AI score0.00204EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 6:31 p.m.23 views

EUVD-2026-29154

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet...

8.4CVSS6.2AI score0.00812EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/11 12:32 p.m.23 views

EUVD-2026-29044

Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...

8CVSS5.8AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 12:31 a.m.23 views

EUVD-2026-29006

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smfnsmfhandlecreatedatainhsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized...

5.3CVSS5.4AI score0.00378EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/10 3:31 p.m.23 views

EUVD-2022-55989

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/08 3:31 p.m.23 views

EUVD-2026-28629

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CHCCNTXT0 to CHCCNTXT1. The v5.0 register definition intended to define this field in the CHCCNTXT1 fmask array but...

5.7AI score0.00353EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/07 9:30 p.m.23 views

EUVD-2026-28419

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

5.8AI score0.00813EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/07 9:30 p.m.23 views

EUVD-2026-28426

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

5.9AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/06 3:32 p.m.23 views

EUVD-2025-209688

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 12:30 p.m.23 views

EUVD-2026-27819

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

5.8AI score0.00129EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/06 12:30 p.m.23 views

EUVD-2026-27817

In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures e.g...

5.8AI score0.00138EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/05 6:31 a.m.23 views

EUVD-2026-27213

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/04 3:45 a.m.23 views

EUVD-2026-26883

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

6.5CVSS5.5AI score0.00214EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/03 3:45 p.m.23 views

EUVD-2026-26840

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS5.8AI score0.00314EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/02 11:16 a.m.23 views

EUVD-2026-26780

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...

7.5CVSS6AI score0.00328EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/07 6:31 p.m.23 views

EUVD-2026-19709

Memory-safety vulnerability in github.com/jackc/pgx/v5...

5.9AI score0.00561EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/12 12:31 a.m.23 views

EUVD-2026-11491

A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...

6.5CVSS5.4AI score0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/15 8:15 p.m.23 views

EUVD-2026-2712

A Buffer Over-read vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When an affected device receives a BGP update with a set of specific optional transitive...

8.7CVSS6.3AI score0.00367EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/13 5:56 p.m.23 views

EUVD-2026-2150

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Management Services allows an authorized attacker to elevate privileges locally...

7.8CVSS6.5AI score0.00288EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/09 11:16 a.m.23 views

EUVD-2026-1751

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies...

8.8CVSS6.3AI score0.0037EPSS
Exploits0References2
Total number of security vulnerabilities5000