Lucene search
K
EuvdMost viewed

417907 matches found

EUVD
EUVD
added 2026/06/22 9:4 p.m.20 views

EUVD-2026-38375

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to...

6.1CVSS5.9AI score0.00205EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 9:32 p.m.20 views

EUVD-2026-37193

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.20 views

EUVD-2026-37188

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 8:8 p.m.20 views

EUVD-2026-35391

TYPO3 CMS has Broken Access Control in its Form Framework...

7.6CVSS5.2AI score0.00238EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 1:55 p.m.20 views

EUVD-2026-36034

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

9.6CVSS5.5AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:30 p.m.20 views

EUVD-2026-35677

Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network...

6.5CVSS5.4AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.20 views

EUVD-2026-35536

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

7.5CVSS5.5AI score0.00671EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 5:6 p.m.20 views

EUVD-2026-35728

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally...

5.5CVSS5.4AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:6 p.m.20 views

EUVD-2026-35724

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00473EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:5 p.m.20 views

EUVD-2026-35593

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network...

9.6CVSS5.8AI score0.00438EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 9:51 a.m.20 views

EUVD-2026-35390

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...

9.3CVSS5.6AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/07 8:0 a.m.20 views

EUVD-2026-34988

A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/03 12:0 a.m.20 views

EUVD-2026-34155

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 7:48 a.m.20 views

EUVD-2025-210029

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS6AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 5:8 p.m.20 views

EUVD-2026-33716

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 7:22 a.m.20 views

EUVD-2026-33576

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References2
EUVD
EUVD
added 2026/05/31 9:0 a.m.20 views

EUVD-2026-33496

A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and...

6.5CVSS5.6AI score0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/29 7:33 p.m.20 views

EUVD-2026-33431

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 7:32 p.m.20 views

EUVD-2026-33430

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 6:30 p.m.20 views

EUVD-2026-33418

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...

7.4CVSS6AI score0.00248EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 5:18 p.m.20 views

EUVD-2026-33376

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...

9.3CVSS5.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 6:43 a.m.20 views

EUVD-2026-33254

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS6AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 12:38 a.m.20 views

EUVD-2026-33118

Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00296EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.20 views

EUVD-2026-33127

Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.20 views

EUVD-2026-33210

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score0.00246EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/28 6:27 p.m.20 views

EUVD-2026-32982

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...

3.3CVSS5.8AI score0.00091EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 4:25 p.m.20 views

EUVD-2026-32947

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:33 p.m.20 views

EUVD-2026-32275

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.7AI score0.00862EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 12:57 p.m.20 views

EUVD-2026-32427

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raiddisk...

5.8AI score0.00127EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 5:31 a.m.20 views

EUVD-2026-32071

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS5.7AI score0.00145EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/26 6:30 p.m.20 views

EUVD-2026-31955

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function MediaGetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. Th...

4.8CVSS5.3AI score0.00161EPSS
Exploits1References7
EUVD
EUVD
added 2026/05/26 5:22 p.m.20 views

EUVD-2026-31930

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, a...

7.8CVSS5.9AI score0.00177EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 5:8 p.m.20 views

EUVD-2026-31914

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 1:6 a.m.20 views

EUVD-2025-209927

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

1.8CVSS5.7AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 9:19 a.m.20 views

EUVD-2026-31661

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

5.2CVSS5.8AI score0.00125EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/23 1:15 p.m.20 views

EUVD-2026-31537

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...

6.5CVSS6.3AI score0.00237EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/22 12:0 a.m.20 views

EUVD-2026-31476

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

6AI score0.00132EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 12:31 a.m.20 views

EUVD-2026-30995

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

6AI score0.00282EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/19 6:46 a.m.20 views

EUVD-2026-30849

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/18 3:40 p.m.20 views

EUVD-2026-30777

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 11:5 a.m.20 views

EUVD-2026-30767

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/17 11:30 a.m.20 views

EUVD-2026-30697

A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The...

7.5CVSS6.7AI score0.00409EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 7:45 a.m.20 views

EUVD-2026-30687

A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefilekey results in use of hard-coded...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 2:26 a.m.20 views

EUVD-2026-30669

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 9:42 p.m.20 views

EUVD-2026-30664

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 8:55 p.m.20 views

EUVD-2026-30638

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

8.8CVSS6AI score0.00406EPSS
Exploits2References1
EUVD
EUVD
added 2026/05/15 7:54 p.m.20 views

EUVD-2026-30615

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

8.1CVSS5.7AI score0.00284EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 7:46 a.m.20 views

EUVD-2026-30515

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 1:53 a.m.20 views

EUVD-2025-209871

A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash...

6.8CVSS6AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 8:50 p.m.20 views

EUVD-2026-30168

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

9.3CVSS5.9AI score0.0054EPSS
Exploits0References1
Total number of security vulnerabilities5000