Lucene search
K
EuvdMost viewed

418056 matches found

EUVD
EUVD
added 2026/06/19 7:35 p.m.18 views

EUVD-2026-36540

parse-server: Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when User get is denied...

5.9CVSS5.8AI score0.00251EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.18 views

EUVD-2026-36804

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS5.4AI score0.00288EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:31 a.m.18 views

EUVD-2026-35860

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS5.5AI score0.00347EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:31 p.m.18 views

EUVD-2026-35523

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

7.9CVSS5.4AI score0.01029EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.18 views

EUVD-2026-35517

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally...

8.2CVSS5.7AI score0.00341EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.18 views

EUVD-2026-35646

Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7.8CVSS5.7AI score0.00372EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.18 views

EUVD-2026-35662

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

7.8CVSS7.6AI score0.00455EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 5:6 p.m.18 views

EUVD-2026-35753

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:33 a.m.18 views

EUVD-2026-35368

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

6.1CVSS5.4AI score0.00406EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.18 views

EUVD-2026-35342

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.3CVSS5.5AI score0.00186EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:49 a.m.18 views

EUVD-2026-35325

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

4.8CVSS5.4AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:47 a.m.18 views

EUVD-2026-35320

In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17...

7.5CVSS5.4AI score0.00573EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 12:33 a.m.18 views

EUVD-2026-35251

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

9.6CVSS6AI score0.00337EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 12:33 a.m.18 views

EUVD-2026-35228

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...

6.8CVSS5.5AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 3:0 a.m.18 views

EUVD-2026-35013

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

7.5CVSS7.1AI score0.0029EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/05 8:34 p.m.18 views

EUVD-2026-33406

Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tables...

6.5CVSS5.5AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 1:40 a.m.18 views

EUVD-2026-34192

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

8.8CVSS5.8AI score0.00074EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 12:30 a.m.18 views

EUVD-2026-34188

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 12:30 a.m.18 views

EUVD-2026-34185

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function datahash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...

3.6CVSS5AI score0.0012EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/03 4:6 p.m.18 views

EUVD-2026-34135

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability...

6.1CVSS6AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 3:49 p.m.18 views

EUVD-2026-34115

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistentramsaveold persistentramsaveold can be called multiple times for the same persistentramzone e.g., via ramoopspstoreread - ramoopsgetnextprz for PSTORETYPEDMESG records. Currently, the...

5.9AI score0.00136EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/03 9:25 a.m.18 views

EUVD-2025-210051

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

8.8CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 9:4 a.m.18 views

EUVD-2025-210049

Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.18 views

EUVD-2025-210054

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

5.5CVSS5.8AI score0.00155EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/03 12:0 a.m.18 views

EUVD-2025-210053

A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

5CVSS5.8AI score0.00107EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 10:27 a.m.18 views

EUVD-2025-210038

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.18 views

EUVD-2026-33828

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/02 12:31 a.m.18 views

EUVD-2025-210019

Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.18 views

EUVD-2026-33793

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00082EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:41 p.m.18 views

EUVD-2026-33757

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...

5.3CVSS5.8AI score0.00287EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 6:31 p.m.18 views

EUVD-2026-33701

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...

7.8CVSS6.2AI score0.00144EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 5:49 p.m.18 views

EUVD-2026-33734

OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 5:3 p.m.18 views

EUVD-2026-33714

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 3:28 p.m.18 views

EUVD-2026-33692

Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 2:47 p.m.18 views

EUVD-2026-33655

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

9.1CVSS5.8AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 2:31 p.m.18 views

EUVD-2026-33648

A critical Remote Code Execution RCE vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3...

9.4CVSS5.9AI score0.0072EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 12:0 a.m.18 views

EUVD-2025-210006

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/31 3:0 a.m.18 views

EUVD-2026-33485

A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack may be...

9CVSS7.9AI score0.00472EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/30 11:0 a.m.18 views

EUVD-2026-33458

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogssbixactadd in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...

5.3CVSS5.4AI score0.00391EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/29 6:15 p.m.18 views

EUVD-2026-33390

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...

4.5CVSS6.2AI score0.00135EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:52 p.m.18 views

EUVD-2026-30842

ExifReader is vulnerable to denial of service via unbounded decompression of image metadata...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 5:47 p.m.18 views

EUVD-2026-33403

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password...

6.9CVSS5.8AI score0.00376EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 3:9 p.m.18 views

EUVD-2026-33334

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 12:26 p.m.18 views

EUVD-2026-33286

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

8.7CVSS5.6AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:32 a.m.18 views

EUVD-2026-33252

The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmoduleshortcode function, which...

6.4CVSS6AI score0.00197EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 5:32 a.m.18 views

EUVD-2025-209981

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

8.8CVSS6AI score0.00378EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 5:24 a.m.18 views

EUVD-2026-33249

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.18 views

EUVD-2026-33116

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00207EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.18 views

EUVD-2026-33166

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 12:30 p.m.18 views

EUVD-2026-32862

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

6.2CVSS5.8AI score0.00232EPSS
Exploits0References2
Total number of security vulnerabilities5000