Lucene search
K
EuvdMost viewed

417758 matches found

EUVD
EUVD
added 2026/05/18 6:51 a.m.18 views

EUVD-2026-30737

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/17 6:51 p.m.18 views

EUVD-2026-30707

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

5.9AI score0.00447EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/17 12:0 p.m.18 views

EUVD-2026-30698

A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...

6.5CVSS6.3AI score0.01182EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 9:45 a.m.18 views

EUVD-2026-30693

A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogstimeradd in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...

5.3CVSS5.5AI score0.00372EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/17 6:45 a.m.18 views

EUVD-2026-30686

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...

6.9CVSS5.8AI score0.00403EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 3:30 a.m.18 views

EUVD-2026-30679

A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/snssais results in denial of service. The attack is possible to be carried out remotely. The exploi...

5.3CVSS5.5AI score0.0039EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/15 9:29 p.m.18 views

EUVD-2026-30658

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery CSRF vulnerability was found Open-WebUl's image uploading functionality. An attacker can set an image URL to a malicious endpoint,...

4.6CVSS5.8AI score0.00165EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 9:12 p.m.18 views

EUVD-2026-30648

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery SSRF via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

4.3CVSS5.8AI score0.00186EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 9:3 p.m.18 views

EUVD-2026-30644

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...

7.1CVSS5.8AI score0.00266EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 8:37 p.m.18 views

EUVD-2026-30631

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS5.8AI score0.003EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 8:0 p.m.18 views

EUVD-2026-30603

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...

5CVSS6AI score0.00287EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 7:40 p.m.18 views

EUVD-2026-30618

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collectionname, and bare collectionname/collectionnames paths in the getsourcesfromitems function perform vector store queries...

6.5CVSS5.8AI score0.00366EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 7:28 p.m.18 views

EUVD-2026-30614

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 12:31 p.m.18 views

EUVD-2026-30539

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1...

9.2CVSS5.8AI score0.00397EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 7:30 a.m.19 views

EUVD-2026-30514

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

9.8CVSS5.8AI score0.01456EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/15 2:9 a.m.18 views

EUVD-2025-209873

Improper access control between the Joint Test Action Group JTAG and Advanced Extensible Interface AXI could allow an attacker with physical access to read or overwrite the contents of cross-chip debug XCD registers potentially resulting in loss of data integrity or confidentiality...

5.3CVSS5.8AI score0.00125EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 8:32 p.m.18 views

EUVD-2026-30480

HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...

9.3CVSS5.8AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 7:52 p.m.18 views

EUVD-2026-30385

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 5:36 p.m.18 views

EUVD-2025-209858

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 8:24 a.m.18 views

EUVD-2026-30257

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $REQUEST superglobal without performing any...

5.3CVSS5.8AI score0.00445EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/14 5:33 a.m.18 views

EUVD-2026-30241

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS5.8AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 9:32 p.m.18 views

EUVD-2026-30135

A denial of service DoS vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet...

7.1CVSS5.8AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 9:32 p.m.18 views

EUVD-2026-30138

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.18 views

EUVD-2026-30017

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...

5.8AI score0.00119EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/13 6:30 p.m.18 views

EUVD-2026-30022

In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix setaccessflags no-op check for SMMU/ATS faults contpteptepsetaccessflags compared the gathered ptepget value against the requested entry to detect no-ops. ptepget ORs AF/dirty from all sub-PTEs in the CONT...

5.8AI score0.00114EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/13 6:30 p.m.18 views

EUVD-2026-29977

When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:31 p.m.18 views

EUVD-2026-29754

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.5CVSS5.8AI score0.00561EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.18 views

EUVD-2026-29681

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network...

9.8CVSS6.1AI score0.72253EPSS
Exploits31References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.18 views

EUVD-2026-29682

Improper control of generation of code 'code injection' in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network...

8.8CVSS6AI score0.00842EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.18 views

EUVD-2026-29654

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00304EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.18 views

EUVD-2026-29651

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.04725EPSS
Exploits4References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.18 views

EUVD-2026-29621

Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00174EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.18 views

EUVD-2026-29642

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...

7.8CVSS5.8AI score0.00408EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.18 views

EUVD-2026-29612

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.18 views

EUVD-2026-29586

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.02014EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 4:59 p.m.18 views

EUVD-2026-29696

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.0052EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 p.m.18 views

EUVD-2026-29462

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 3:9 p.m.18 views

EUVD-2026-29476

sealed-env: TOTP secret embedded in unseal token payload enterprise mode...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/12 9:31 a.m.18 views

EUVD-2026-29386

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

5.4CVSS6.2AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 12:32 p.m.18 views

EUVD-2026-29046

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/10 3:31 p.m.18 views

EUVD-2022-55988

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET request...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/10 3:31 p.m.18 views

EUVD-2021-34811

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/10 3:31 p.m.18 views

EUVD-2022-55985

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/10 3:31 p.m.18 views

EUVD-2022-55978

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

6.1CVSS5.9AI score0.00244EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/10 3:31 p.m.18 views

EUVD-2021-34810

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the semotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/10 3:31 p.m.18 views

EUVD-2022-55981

WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary...

6.1CVSS5.9AI score0.00187EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/10 3:31 p.m.18 views

EUVD-2021-34794

WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcpregisterandloginajax action with tcprole set to...

9.8CVSS5.8AI score0.00403EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/09 2:58 a.m.18 views

EUVD-2026-28898

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...

8.9CVSS5.8AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 7:46 p.m.18 views

EUVD-2026-28817

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

10CVSS5.7AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 3:31 p.m.18 views

EUVD-2026-28762

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bondsetupbyslave kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS:...

5.8AI score0.00157EPSS
Exploits0References5
Total number of security vulnerabilities5000