Lucene search
K
EuvdMost viewed

417907 matches found

EUVD
EUVD
•added 2025/10/03 8:7 p.m.•20 views

EUVD-2022-3307

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.03788EPSS
Exploits0References22
EUVD
EUVD
•added 2025/10/03 8:7 p.m.•20 views

EUVD-2022-6894

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.00405EPSS
Exploits0References6
EUVD
EUVD
•added 2025/10/03 8:7 p.m.•20 views

EUVD-2025-22109

Malicious code in bioql PyPI...

9.3CVSS6.3AI score0.00841EPSS
Exploits0References3
EUVD
EUVD
•added 2025/10/03 8:7 p.m.•20 views

EUVD-2024-48685

Malicious code in bioql PyPI...

9.8CVSS7AI score0.04707EPSS
Exploits0References4
EUVD
EUVD
•added 2025/10/03 8:7 p.m.•20 views

EUVD-2021-30344

Malicious code in bioql PyPI...

9.3CVSS6.4AI score0.00937EPSS
Exploits2References2
EUVD
EUVD
•added 2025/10/03 8:7 p.m.•20 views

EUVD-2025-21386

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
•added 2020/10/16 10:18 p.m.•20 views

EUVD-2020-8925

A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...

9.3CVSS7.7AI score0.03871EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/23 12:13 p.m.•19 views

EUVD-2026-38434

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/10 12:31 a.m.•19 views

EUVD-2026-35862

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•19 views

EUVD-2026-35654

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network...

4.6CVSS7.1AI score0.00505EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•19 views

EUVD-2026-35648

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

8.4CVSS6AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•19 views

EUVD-2026-35484

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/09 3:50 a.m.•19 views

EUVD-2026-35334

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

5.9CVSS5.4AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/08 12:30 a.m.•19 views

EUVD-2026-34992

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS5.1AI score0.00225EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/06 12:45 p.m.•19 views

EUVD-2026-34968

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS5.9AI score0.00481EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/05 12:31 a.m.•19 views

EUVD-2026-34341

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input...

7.8CVSS6.1AI score0.25323EPSS
Exploits2References3
EUVD
EUVD
•added 2026/06/02 12:31 a.m.•19 views

EUVD-2026-33782

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6AI score0.00084EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/01 6:0 p.m.•19 views

EUVD-2026-33738

A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack c...

7.5CVSS6.8AI score0.00305EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/01 5:45 p.m.•19 views

EUVD-2026-33731

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/weztermexecutor.ts of the component switchpane/writetospecificpane. The manipulation of the argument request.params.arguments.paneid leads to os command injection. The...

6.5CVSS6.4AI score0.01088EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/01 5:45 p.m.•19 views

EUVD-2026-33730

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

8.8CVSS6.4AI score0.00439EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/01 5:30 p.m.•19 views

EUVD-2026-33725

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5CVSS6.2AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/01 12:45 p.m.•19 views

EUVD-2026-33637

A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/01 9:4 a.m.•19 views

EUVD-2026-33612

SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below...

8.8CVSS6AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/01 7:49 a.m.•19 views

EUVD-2026-33588

A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...

8.8CVSS5.8AI score0.00592EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/01 3:32 a.m.•19 views

EUVD-2026-33547

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

7.1CVSS6AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/30 2:55 p.m.•19 views

EUVD-2018-21936

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/30 9:29 a.m.•19 views

EUVD-2026-33455

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References12
EUVD
EUVD
•added 2026/05/29 6:28 p.m.•19 views

EUVD-2026-33417

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS5.9AI score0.00132EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/29 10:53 a.m.•19 views

EUVD-2025-209994

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/29 8:2 a.m.•19 views

EUVD-2026-33261

Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...

8.7CVSS6.1AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/29 12:38 a.m.•19 views

EUVD-2026-33110

Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/29 12:38 a.m.•19 views

EUVD-2026-33107

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00243EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/29 12:38 a.m.•19 views

EUVD-2026-33080

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00319EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/28 8:47 p.m.•19 views

EUVD-2026-25909

Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save...

7CVSS5.9AI score0.00346EPSS
Exploits0References7
EUVD
EUVD
•added 2026/05/28 2:24 p.m.•19 views

EUVD-2026-32907

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/28 1:22 p.m.•19 views

EUVD-2026-32900

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.0015EPSS
Exploits2References1
EUVD
EUVD
•added 2026/05/28 9:40 a.m.•19 views

EUVD-2026-32839

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadvbladelbackboneclaims removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the...

5.7AI score0.00274EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/28 9:36 a.m.•19 views

EUVD-2026-32782

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

5.8AI score0.00478EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/27 6:31 p.m.•19 views

EUVD-2026-32628

RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker can execute arbitrary commands on the host server. Combined...

8.7CVSS6.5AI score0.00489EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/27 6:30 p.m.•19 views

EUVD-2026-32627

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

8.7CVSS5.9AI score0.0031EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/27 5:55 p.m.•19 views

EUVD-2026-32620

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/27 3:33 p.m.•19 views

EUVD-2026-32385

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Skip currently executing CPU in rtonextcpu CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in kernel space. When other CPUs switch from RT to non-RT tasks, RT load...

5.8AI score0.0013EPSS
Exploits0References9
EUVD
EUVD
•added 2026/05/27 3:33 p.m.•19 views

EUVD-2026-32332

In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...

5.7AI score0.0016EPSS
Exploits0References9
EUVD
EUVD
•added 2026/05/27 2:13 p.m.•19 views

EUVD-2026-32517

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/27 12:56 p.m.•19 views

EUVD-2026-32401

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...

5.9AI score0.00124EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/27 9:49 a.m.•19 views

EUVD-2026-32205

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through 4.08.253...

9.9CVSS5.8AI score0.00346EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/27 12:15 a.m.•19 views

EUVD-2026-32028

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS4.1AI score0.00206EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/26 7:49 p.m.•19 views

EUVD-2026-31977

emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/26 7:31 p.m.•19 views

EUVD-2026-31966

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/26 5:29 p.m.•19 views

EUVD-2026-31937

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

5.9CVSS5.7AI score0.0025EPSS
Exploits0References1
Total number of security vulnerabilities5000