417617 matches found

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2022-5776

Malicious code in bioql PyPI...

4.3 CVSS • 7.5 AI score • 0.01463 EPSS
Exploits 3 • References 10

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2024-36756

Malicious code in bioql PyPI...

5.9 CVSS • 6.6 AI score • 0.00276 EPSS
Exploits 0 • References 1

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2022-52715

Malicious code in bioql PyPI...

8.2 CVSS • 8.4 AI score • 0.00377 EPSS
Exploits 0 • References 2

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2024-34423

Malicious code in bioql PyPI...

9.1 CVSS • 9 AI score • 0.20769 EPSS
Exploits 1 • References 1

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2023-51507

Malicious code in bioql PyPI...

5.3 CVSS • 5.7 AI score • 0.005 EPSS
Exploits 0 • References 1

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2025-13881

Malicious code in bioql PyPI...

8.7 CVSS • 6.5 AI score • 0.00238 EPSS
Exploits 0 • References 2

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2023-0335

Malicious code in bioql PyPI...

7.5 CVSS • 5.6 AI score • 0.00845 EPSS
Exploits 1 • References 3

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2023-1947

Malicious code in bioql PyPI...

6.5 CVSS • 6.5 AI score • 0.00722 EPSS
Exploits 0 • References 3

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2023-37208

Malicious code in bioql PyPI...

7.5 CVSS • 7.5 AI score • 0.003 EPSS
Exploits 0 • References 1

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2025-22905

Malicious code in bioql PyPI...

9.8 CVSS • 6.6 AI score • 0.00415 EPSS
Exploits 0 • References 1

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2022-0122

Malicious code in bioql PyPI...

9.1 CVSS • 9 AI score • 0.02184 EPSS
Exploits 1 • References 14

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2024-28408

Malicious code in bioql PyPI...

8.8 CVSS • 8.6 AI score • 0.00594 EPSS
Exploits 0 • References 2

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2022-27225

Malicious code in bioql PyPI...

8.4 CVSS • 7.8 AI score • 0.0045 EPSS
Exploits 0 • References 1

EUVD
•added 2025/10/03 8:7 p.m.•21 views

EUVD-2022-27454

Malicious code in bioql PyPI...

7.8 CVSS • 7.4 AI score • 0.00736 EPSS
Exploits 0 • References 2

EUVD
•added 2025/03/24 3:39 p.m.•21 views

EUVD-2023-29551

A buffer underwrite 'buffer underflow' vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, versio...

9.8 CVSS • 7.8 AI score • 0.17797 EPSS
Exploits 1 • References 2

EUVD
•added 2026/06/22 9:4 p.m.•20 views

EUVD-2026-38375

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to...

6.1 CVSS • 5.9 AI score • 0.00205 EPSS
Exploits 0 • References 4

EUVD
•added 2026/06/16 9:32 p.m.•20 views

EUVD-2026-37193

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8 CVSS • 6.2 AI score • 0.00231 EPSS
Exploits 0 • References 2

EUVD
•added 2026/06/09 6:31 p.m.•20 views

EUVD-2026-35475

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

7.5 CVSS • 5.7 AI score • 0.00297 EPSS
Exploits 0 • References 7

EUVD
•added 2026/06/09 6:30 p.m.•20 views

EUVD-2026-35644

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6 CVSS • 7.1 AI score • 0.00505 EPSS
Exploits 0 • References 2

EUVD
•added 2026/06/09 6:30 p.m.•20 views

EUVD-2026-35465

An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this...

7.2 CVSS • 5.4 AI score • 0.00278 EPSS
Exploits 0 • References 6

EUVD
•added 2026/06/09 5:5 p.m.•20 views

EUVD-2026-35574

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...

6.5 CVSS • 5.4 AI score • 0.00763 EPSS
Exploits 0 • References 1

EUVD
•added 2026/06/03 12:0 a.m.•20 views

EUVD-2026-34155

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

4.3 CVSS • 5.8 AI score • 0.00159 EPSS
Exploits 0 • References 1

EUVD
•added 2026/06/02 7:48 a.m.•20 views

EUVD-2025-210029

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5 CVSS • 6 AI score • 0.00201 EPSS
Exploits 0 • References 4

EUVD
•added 2026/06/01 5:8 p.m.•20 views

EUVD-2026-33716

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9 CVSS • 5.7 AI score • 0.0029 EPSS
Exploits 0 • References 3

EUVD
•added 2026/06/01 7:22 a.m.•20 views

EUVD-2026-33576

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8 CVSS • 7.2 AI score • 0.96666 EPSS
Exploits 13 • References 2

EUVD
•added 2026/05/31 9:0 a.m.•20 views

EUVD-2026-33496

A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and...

6.5 CVSS • 5.6 AI score • 0.00204 EPSS
Exploits 0 • References 6

EUVD
•added 2026/05/29 7:33 p.m.•20 views

EUVD-2026-33431

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3 CVSS • 6 AI score • 0.00239 EPSS
Exploits 0 • References 1

EUVD
•added 2026/05/29 7:32 p.m.•20 views

EUVD-2026-33430

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

7.7 CVSS • 5.9 AI score • 0.00263 EPSS
Exploits 0 • References 1

EUVD
•added 2026/05/29 6:30 p.m.•20 views

EUVD-2026-33418

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...

7.4 CVSS • 6 AI score • 0.00248 EPSS
Exploits 0 • References 4

EUVD
•added 2026/05/29 6:43 a.m.•20 views

EUVD-2026-33254

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15. This is due to insufficient output escaping in the render function, where the...

6.4 CVSS • 6 AI score • 0.00273 EPSS
Exploits 0 • References 4

EUVD
•added 2026/05/29 12:38 a.m.•20 views

EUVD-2026-33118

Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2 AI score • 0.00296 EPSS
Exploits 0 • References 3

EUVD
•added 2026/05/29 12:38 a.m.•20 views

EUVD-2026-33127

Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8 AI score • 0.00182 EPSS
Exploits 0 • References 3

EUVD
•added 2026/05/28 6:27 p.m.•20 views

EUVD-2026-32982

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...

3.3 CVSS • 5.8 AI score • 0.00091 EPSS
Exploits 0 • References 1

EUVD
•added 2026/05/28 4:25 p.m.•20 views

EUVD-2026-32947

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5 CVSS • 5.8 AI score • 0.00346 EPSS
Exploits 0 • References 1

EUVD
•added 2026/05/27 12:57 p.m.•20 views

EUVD-2026-32427

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raiddisk...

5.8 AI score • 0.00127 EPSS
Exploits 0 • References 3

EUVD
•added 2026/05/27 5:31 a.m.•20 views

EUVD-2026-32071

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1 CVSS • 5.7 AI score • 0.00145 EPSS
Exploits 0 • References 4

EUVD
•added 2026/05/26 6:30 p.m.•20 views

EUVD-2026-31955

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function MediaGetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. Th...

4.8 CVSS • 5.3 AI score • 0.00161 EPSS
Exploits 1 • References 7

EUVD
•added 2026/05/26 5:22 p.m.•20 views

EUVD-2026-31930

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, a...

7.8 CVSS • 5.9 AI score • 0.00177 EPSS
Exploits 0 • References 3

EUVD
•added 2026/05/26 3:45 p.m.•20 views

EUVD-2026-31901

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has...

7.5 CVSS • 6.6 AI score • 0.00288 EPSS
Exploits 0 • References 6

EUVD
•added 2026/05/26 1:6 a.m.•20 views

EUVD-2025-209927

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

1.8 CVSS • 5.7 AI score • 0.00264 EPSS
Exploits 0 • References 1

EUVD
•added 2026/05/25 9:19 a.m.•20 views

EUVD-2026-31661

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

5.2 CVSS • 5.8 AI score • 0.00125 EPSS
Exploits 0 • References 1

EUVD
•added 2026/05/22 12:0 a.m.•20 views

EUVD-2026-31476

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

6 AI score • 0.00132 EPSS
Exploits 0 • References 2

EUVD
•added 2026/05/20 1:9 p.m.•20 views

EUVD-2026-31101

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8 CVSS • 5.8 AI score • 0.08371 EPSS
Exploits 2 • References 1

EUVD
•added 2026/05/20 12:31 a.m.•20 views

EUVD-2026-30995

Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

6 AI score • 0.00282 EPSS
Exploits 0 • References 4

EUVD
•added 2026/05/20 12:31 a.m.•20 views

EUVD-2025-209901

Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...

5.1 CVSS • 5.9 AI score • 0.0021 EPSS
Exploits 0 • References 3

EUVD
•added 2026/05/19 7:23 p.m.•20 views

EUVD-2026-29950

Bandit: Unauthenticated one-shot DoS via Transfer-Encoding: chunked...

8.7 CVSS • 5.8 AI score • 0.00642 EPSS
Exploits 1 • References 5

EUVD
•added 2026/05/19 6:46 a.m.•20 views

EUVD-2026-30849

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8 CVSS • 6.5 AI score • 0.00953 EPSS
Exploits 2 • References 2

EUVD
•added 2026/05/18 3:40 p.m.•20 views

EUVD-2026-30777

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

7.1 CVSS • 5.8 AI score • 0.00235 EPSS
Exploits 0 • References 1

EUVD
•added 2026/05/18 11:5 a.m.•20 views

EUVD-2026-30767

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash...

7.1 CVSS • 5.8 AI score • 0.00226 EPSS
Exploits 0 • References 1

EUVD
•added 2026/05/17 11:30 a.m.•20 views

EUVD-2026-30697

A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The...

7.5 CVSS • 6.7 AI score • 0.00409 EPSS
Exploits 0 • References 4

Total number of security vulnerabilities: 5000