Lucene search
K
EuvdMost viewed

417654 matches found

EUVD
EUVD
added 2026/05/26 8:22 p.m.21 views

EUVD-2026-31989

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...

5.1CVSS5.8AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 5:11 p.m.21 views

EUVD-2026-31918

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

7.3CVSS5.8AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/23 4:27 a.m.21 views

EUVD-2026-31525

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 1:9 p.m.21 views

EUVD-2026-31101

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.08371EPSS
Exploits2References1
EUVD
EUVD
added 2026/05/20 12:31 a.m.21 views

EUVD-2025-209901

Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...

5.1CVSS5.9AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 7:23 p.m.21 views

EUVD-2026-29950

Bandit: Unauthenticated one-shot DoS via Transfer-Encoding: chunked...

8.7CVSS5.8AI score0.00642EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/19 2:58 a.m.21 views

EUVD-2026-30826

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

8.1CVSS6.3AI score0.00428EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/17 5:15 a.m.21 views

EUVD-2026-30684

A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly availab...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 5:0 a.m.21 views

EUVD-2026-30671

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM,...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 7:59 p.m.21 views

EUVD-2026-30604

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS5.8AI score0.01461EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 12:58 p.m.21 views

EUVD-2026-30540

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'getdumpable' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an...

5.8AI score0.0138EPSS
Exploits6References7
EUVD
EUVD
added 2026/05/15 6:45 a.m.21 views

EUVD-2026-30507

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'adminhead' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.1CVSS5.7AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 2:42 a.m.21 views

EUVD-2025-209877

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

1.8CVSS5.8AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 1:51 a.m.21 views

EUVD-2025-209870

Use of uninitialized resource within the AMD Platform Management Framework PMF could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability...

6.9CVSS5.8AI score0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 6:44 a.m.21 views

EUVD-2026-30254

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoogdprupddata function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This...

8.8CVSS5.8AI score0.0029EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 9:31 p.m.21 views

EUVD-2026-29824

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8
EUVD
EUVD
added 2026/05/12 6:30 p.m.21 views

EUVD-2026-29607

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows TCP/IP allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 a.m.21 views

EUVD-2026-29409

The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the SkysaAppsAdminAppPage function. This makes it possible for unauthenticated attackers to trick a site...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/12 3:31 a.m.21 views

EUVD-2026-29363

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/11 9:31 p.m.21 views

EUVD-2026-29180

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00696EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/11 6:31 p.m.21 views

EUVD-2026-29143

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

5.4CVSS5.8AI score0.00706EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/10 3:31 p.m.21 views

EUVD-2022-55982

WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page setting...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/10 3:31 p.m.21 views

EUVD-2021-34793

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS5.9AI score0.00213EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/10 12:33 a.m.21 views

EUVD-2026-28942

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directry if the victim uses an attacker-supplied .i64 file...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/09 7:38 p.m.21 views

EUVD-2026-28925

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6CVSS5.7AI score0.00299EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/07 9:30 p.m.21 views

EUVD-2026-28424

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/07 3:9 a.m.21 views

EUVD-2026-28302

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009...

3.7CVSS5.8AI score0.00337EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 12:30 p.m.21 views

EUVD-2026-27659

In the Linux kernel, the following vulnerability has been resolved: gfs2: fiemap page fault fix In gfs2fiemap, we are calling iomapfiemap while holding the inode glock. This can lead to recursive glock taking if the fiemap buffer is memory mapped to the same inode and accessing it triggers a page...

5.9AI score0.00114EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/06 12:30 p.m.21 views

EUVD-2026-27667

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtkmdpremove In mtkmdpprobe, vpugetplatdevice increases the reference count of the returned platform device. Add platformdeviceput to prevent reference leak...

5.8AI score0.00114EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/06 12:30 p.m.21 views

EUVD-2026-27635

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes array. The ID is a raw u8 from the completion block, and the callback do...

5.8AI score0.00247EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/06 12:30 p.m.21 views

EUVD-2026-27592

In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrmpolicyfini frees the policybydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their...

5.8AI score0.00128EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/04 4:43 p.m.21 views

EUVD-2026-27019

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...

9.6CVSS6.4AI score0.00477EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/03 6:30 a.m.21 views

EUVD-2026-26821

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

6.5CVSS5.5AI score0.01543EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/29 11:35 a.m.21 views

EUVD-2026-26207

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is serving static resources from...

5.3CVSS5.4AI score0.00341EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/28 1:49 p.m.21 views

EUVD-2026-26061

Memory safety bugs present in Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1...

7.3CVSS5.9AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/28 4:28 a.m.21 views

EUVD-2026-25984

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.5AI score0.00195EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/24 5:20 p.m.21 views

EUVD-2026-25587

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

8.3CVSS5.6AI score0.00412EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/24 2:42 p.m.21 views

EUVD-2026-25519

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize letmp64 in rtwBIPverify Initialize letmp64 to zero in rtwBIPverify to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte u64 variable, leaving the last two...

5.4AI score0.00288EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/23 9:31 p.m.21 views

EUVD-2026-25265

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYST...

8.6CVSS6.1AI score0.00146EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/16 10:4 p.m.21 views

EUVD-2026-23318

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

6.8CVSS6.1AI score0.0016EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/14 6:30 p.m.21 views

EUVD-2026-22367

Concurrent execution using shared resource with improper synchronization 'race condition' in Applocker Filter Driver applockerfltr.sys allows an authorized attacker to elevate privileges locally...

7CVSS5.9AI score0.00183EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 4:7 p.m.21 views

EUVD-2026-20950

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filenamedisk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...

8.5CVSS5.9AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 12:32 a.m.21 views

EUVD-2026-20700

Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.9AI score0.00218EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 9:31 a.m.21 views

EUVD-2026-20387

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...

6.5CVSS5.9AI score0.0013EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 8:29 p.m.21 views

EUVD-2026-17979

Auth0 PHP SDK has Insufficient Entropy in Cookie Encryption...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/31 8:27 p.m.21 views

EUVD-2026-17636

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/19 9:30 p.m.21 views

EUVD-2026-13182

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00651EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 9:30 a.m.21 views

EUVD-2025-208865

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4...

7.1CVSS5.8AI score0.002EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/04 8:46 p.m.21 views

EUVD-2023-48031

EVE: SSH as Root Unlockable Without Triggering Measured Boot...

8.8CVSS7.9AI score0.0016EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/21 6:56 p.m.21 views

EUVD-2025-206322

EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the TbdController loop, leading to its caller and itself to silently terminates. Thus, this leads to a denial of service as it is responsible of SDP and ISO15118-20 servers...

6.5CVSS5.4AI score0.0029EPSS
Exploits1References1
Total number of security vulnerabilities5000