Lucene search
K
EuvdMost viewed

417977 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2022-7320

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.0044EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2022-6077

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.01327EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2025-27295

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.01249EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2021-7396

Malicious code in bioql PyPI...

8.4CVSS8.2AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2023-30327

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2022-5499

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00798EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2023-58949

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00643EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2022-30464

Malicious code in bioql PyPI...

4CVSS4.8AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2025/07/25 2:23 a.m.23 views

EUVD-2019-19374

The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system...

9.8CVSS7.8AI score0.16682EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/26 9:48 p.m.22 views

EUVD-2026-31658

Cargo crates in third party registries can override the cached source of other crates...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 6:30 p.m.22 views

EUVD-2026-35683

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.4AI score0.0087EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 11:52 a.m.22 views

EUVD-2026-35405

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...

5.4AI score0.0018EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 3:17 p.m.22 views

EUVD-2026-34849

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

6.5CVSS5.7AI score0.00277EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.22 views

EUVD-2026-33774

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6AI score0.00074EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 9:3 a.m.22 views

EUVD-2026-33610

SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/uploadbackup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...

8.8CVSS5.9AI score0.00295EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 4:0 a.m.22 views

EUVD-2026-33555

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS5.2AI score0.00266EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/30 3:32 p.m.22 views

EUVD-2026-33466

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire string, not just t...

5.8AI score0.002EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/30 2:55 p.m.22 views

EUVD-2018-21945

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition...

6.9CVSS6AI score0.0014EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/30 12:13 p.m.22 views

EUVD-2026-33459

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix epremove struct eventpoll / struct file UAF epremove via epremovefile cleared file-fep under file-flock but then kept using @file inside the critical section isfileepoll, hlistdelrcu through the head, spinunlock. A...

5.8AI score0.00124EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/28 5:12 p.m.22 views

EUVD-2026-32958

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storagefolder inside PKGDIR or userdir, but does NOT protect the Flask session directory /tmp/pyLoad/flask. An authenticated attacker can set storagefolder to...

8.8CVSS5.8AI score0.00529EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 3:45 p.m.22 views

EUVD-2026-32929

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...

8.7CVSS5.8AI score0.0051EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 4:42 a.m.22 views

EUVD-2026-32718

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 12:56 p.m.22 views

EUVD-2026-32402

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone governor cleanup issues If thermalzonedeviceregisterwithtrips fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which ma...

5.8AI score0.00119EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/26 8:36 p.m.22 views

EUVD-2026-31992

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS5.8AI score0.00228EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/26 7:30 p.m.22 views

EUVD-2026-31963

A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit h...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/26 2:38 p.m.22 views

EUVD-2026-31846

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

5.8AI score0.0049EPSS
Exploits3References1
EUVD
EUVD
added 2026/05/25 7:45 a.m.22 views

EUVD-2026-31649

A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/20 12:31 a.m.22 views

EUVD-2025-209901

Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...

5.1CVSS5.9AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/17 6:15 a.m.22 views

EUVD-2026-30685

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

4.3CVSS5.4AI score0.00216EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 4:30 a.m.22 views

EUVD-2026-30682

A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and...

7.5CVSS6.9AI score0.00261EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 12:31 a.m.22 views

EUVD-2026-30666

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

5.8AI score0.00355EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 8:52 p.m.22 views

EUVD-2026-30635

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrpidslist function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability ...

8.7CVSS6.1AI score0.00603EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/15 7:30 p.m.22 views

EUVD-2026-30613

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 4:41 p.m.22 views

EUVD-2026-30568

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

9.4CVSS5.9AI score0.0038EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 2:59 a.m.22 views

EUVD-2025-209881

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...

2CVSS5.9AI score0.00072EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 2:58 a.m.22 views

EUVD-2024-55588

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...

7CVSS6.1AI score0.00082EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 1:53 a.m.22 views

EUVD-2025-209874

An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution...

7.1CVSS6.1AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 1:41 a.m.22 views

EUVD-2026-30496

A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4CVSS6AI score0.00139EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 6:31 p.m.22 views

EUVD-2026-30362

mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modifycrond and /starttask interfaces, it is possible to modify the default built-in scheduled tasks and start...

9.3CVSS6AI score0.01032EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 1:8 p.m.22 views

EUVD-2026-28800

Absinthe: Quadratic fragment-name uniqueness check...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/14 6:44 a.m.22 views

EUVD-2026-30254

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoogdprupddata function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This...

8.8CVSS5.8AI score0.0029EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 6:30 p.m.22 views

EUVD-2026-30023

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102...

5.8AI score0.00114EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/13 6:30 p.m.23 views

EUVD-2026-30025

In the Linux kernel, the following vulnerability has been resolved: liveupdate: luofile: remember retrieve status LUO keeps track of successful retrieve attempts on a LUO file. It does so to avoid multiple retrievals of the same file. Multiple retrievals cause problems because once the file is...

5.6AI score0.00102EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 1:27 p.m.22 views

EUVD-2026-29953

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/12 6:30 p.m.22 views

EUVD-2026-29607

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows TCP/IP allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 3:31 p.m.22 views

EUVD-2026-29460

CWE-22: Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 12:32 p.m.22 views

EUVD-2026-29422

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/10 3:31 p.m.22 views

EUVD-2022-55987

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/09 9:32 p.m.22 views

EUVD-2026-28941

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...

5.3CVSS5.3AI score0.00851EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/09 7:38 p.m.22 views

EUVD-2026-28925

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS5.7AI score0.00299EPSS
Exploits0References7
Total number of security vulnerabilities5000