Lucene search
K
EuvdMost viewed

417791 matches found

EUVD
EUVD
•added 2026/05/09 2:58 a.m.•18 views

EUVD-2026-28898

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...

8.9CVSS5.8AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 7:46 p.m.•18 views

EUVD-2026-28817

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

10CVSS5.7AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 3:31 p.m.•18 views

EUVD-2026-28762

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bondsetupbyslave kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS:...

5.8AI score0.00157EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/08 3:31 p.m.•18 views

EUVD-2026-28710

In the Linux kernel, the following vulnerability has been resolved: mm: Fix a hmmrangefault livelock / starvation problem If hmmrangefault fails a foliotrylock in doswappage, trying to acquire the lock of a device-private folio for migration, to ram, the function will spin until it succeeds...

5.8AI score0.00093EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/08 3:31 p.m.•18 views

EUVD-2026-28699

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix chunk map leak in btrfsmapblock after btrfschunkmapnumcopies Fix a chunk map leak in btrfsmapblock: if we return early with -EINVAL, we're not freeing the chunk map that we've just looked up...

5.8AI score0.00122EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/08 12:31 p.m.•18 views

EUVD-2026-28542

A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker...

10CVSS6.3AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 9:31 a.m.•18 views

EUVD-2026-28537

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

2.9CVSS5.8AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 9:31 a.m.•18 views

EUVD-2026-28536

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

2.9CVSS5.8AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 12:31 a.m.•18 views

EUVD-2026-28457

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

8.1CVSS5.8AI score0.00827EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 12:31 a.m.•18 views

EUVD-2026-28445

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.01135EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/07 3:38 p.m.•18 views

EUVD-2026-28369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/07 3:38 p.m.•18 views

EUVD-2026-28361

Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2...

7.3CVSS5.8AI score0.00317EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/07 3:38 p.m.•18 views

EUVD-2026-28358

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/07 4:18 a.m.•18 views

EUVD-2026-28315

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5CVSS5.7AI score0.00329EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/06 9:31 p.m.•18 views

EUVD-2026-28188

OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/06 6:37 p.m.•18 views

EUVD-2026-27885

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/06 12:30 p.m.•18 views

EUVD-2026-27610

In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIGBRIDGEVLANFILTERING is not set, brvlangroup and nbpvlangroup return NULL brprivate.h stub definitions. The BRBOOLOPTFDBLOCALVLAN0 toggle code is compiled...

5.8AI score0.00121EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/05 6:35 p.m.•18 views

EUVD-2026-27420

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.7AI score0.0048EPSS
Exploits1References1
EUVD
EUVD
•added 2026/05/05 4:23 p.m.•18 views

EUVD-2026-26986

VM2 Has Sandbox Breakout Through Promise Species...

9.8CVSS5.8AI score0.00896EPSS
Exploits1References4
EUVD
EUVD
•added 2026/05/05 3:31 p.m.•18 views

EUVD-2026-27333

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function getcsrfwhites of the file /cgi/advanced/miscmain.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and...

10CVSS7.7AI score0.0063EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/05 9:31 a.m.•18 views

EUVD-2026-27227

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253...

9.3CVSS5.8AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/05 12:40 a.m.•18 views

EUVD-2026-25603

Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream...

5.3CVSS5.8AI score0.0024EPSS
Exploits1References2
EUVD
EUVD
•added 2026/05/05 12:18 a.m.•18 views

EUVD-2026-25590

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams...

3.7CVSS5.8AI score0.00217EPSS
Exploits1References2
EUVD
EUVD
•added 2026/05/04 6:5 a.m.•18 views

EUVD-2026-26902

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/03 10:30 p.m.•18 views

EUVD-2026-26845

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udrnudrdrhandlesubscriptioncontext of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been made...

5.3CVSS5.5AI score0.00407EPSS
Exploits0References7
EUVD
EUVD
•added 2026/05/03 2:0 p.m.•18 views

EUVD-2026-26837

A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/03 8:45 a.m.•18 views

EUVD-2026-26825

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

6.5CVSS5.5AI score0.01666EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/02 5:29 a.m.•18 views

EUVD-2026-26745

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References2
EUVD
EUVD
•added 2026/04/22 3:31 p.m.•18 views

EUVD-2026-24921

In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmuctx-pmu for groups Oliver reported that x86pmudel ended up doing an out-of-bound memory access when groupschedin fails and needs to roll back. This should be handled by the transaction callbacks, but he...

5.5AI score0.00129EPSS
Exploits0References6
EUVD
EUVD
•added 2026/04/22 9:31 a.m.•18 views

EUVD-2026-24662

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

9.1CVSS5.8AI score0.00729EPSS
Exploits0References14
EUVD
EUVD
•added 2026/04/22 9:31 a.m.•18 views

EUVD-2026-24639

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

5.6AI score0.96267EPSS
Exploits228References4
EUVD
EUVD
•added 2026/04/07 3:30 p.m.•18 views

EUVD-2026-19698

An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 2.2 Low. This issue was fixed in version 4.0.260205....

2.2CVSS5.8AI score0.00174EPSS
Exploits0References3
EUVD
EUVD
•added 2026/03/27 6:31 p.m.•18 views

EUVD-2026-16698

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

8.7CVSS5.9AI score0.00677EPSS
Exploits0References3
EUVD
EUVD
•added 2026/03/16 6:32 p.m.•18 views

EUVD-2026-12454

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries...

5.8AI score0.00277EPSS
Exploits0References3
EUVD
EUVD
•added 2026/03/11 12:9 a.m.•18 views

EUVD-2026-10908

Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing...

8.7CVSS5.8AI score0.005EPSS
Exploits0References3
EUVD
EUVD
•added 2026/03/04 6:31 p.m.•18 views

EUVD-2026-9469

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a browser that is accessin...

6.1CVSS6.1AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
•added 2026/03/04 9:31 a.m.•18 views

EUVD-2026-9375

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

9.2CVSS5.9AI score0.00142EPSS
Exploits1References2
EUVD
EUVD
•added 2026/02/25 6:25 p.m.•18 views

EUVD-2026-8705

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages all users’ notes. The backend does not...

7.1CVSS5.5AI score0.0026EPSS
Exploits1References2
EUVD
EUVD
•added 2026/01/28 6:43 a.m.•18 views

EUVD-2026-4914

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...

7.3CVSS5.9AI score0.00323EPSS
Exploits0References7
EUVD
EUVD
•added 2026/01/13 9:2 p.m.•18 views

EUVD-2026-2032

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

6.5CVSS6.3AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
•added 2026/01/13 5:57 p.m.•18 views

EUVD-2026-2151

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Management Services allows an authorized attacker to elevate privileges locally...

7.8CVSS6.5AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
•added 2026/01/10 12:30 a.m.•18 views

EUVD-2026-1861

EUVD-2026-1861...

10CVSS9.6AI score0.06369EPSS
Exploits1References6
EUVD
EUVD
•added 2026/01/08 9:13 p.m.•18 views

EUVD-2026-1462

Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles...

6.4AI score
Exploits0References4
EUVD
EUVD
•added 2026/01/06 3:52 p.m.•18 views

EUVD-2026-1021

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

8.7CVSS7.3AI score0.0033EPSS
Exploits1References7
EUVD
EUVD
•added 2025/12/31 12:31 a.m.•18 views

EUVD-2024-55372

Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affecte...

9.8CVSS6.7AI score0.00349EPSS
Exploits1References4
EUVD
EUVD
•added 2025/12/24 3:30 p.m.•18 views

EUVD-2025-205269

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through = 3.6.32...

5.4CVSS5.5AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
•added 2025/12/23 12:30 a.m.•18 views

EUVD-2023-60245

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...

9.3CVSS7.9AI score0.00661EPSS
Exploits2References5
EUVD
EUVD
•added 2025/12/16 3:30 p.m.•18 views

EUVD-2025-203660

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down PC=3 According to UFS specifications, the power-off sequence for a UFS device includes: - Sending an SSU command with PowerCondition=3 and await a response. - Asserting...

6.1AI score0.00145EPSS
Exploits0References3
EUVD
EUVD
•added 2025/12/04 7:15 a.m.•18 views

EUVD-2025-201147

Malicious code in elf-stats-lanternlit-snowman-834 npm...

6.6AI score
Exploits0References1
EUVD
EUVD
•added 2025/11/24 9:29 p.m.•18 views

EUVD-2025-199025

Malicious code in tanstack-shadcn-table npm...

6.6AI score
Exploits0References4
Total number of security vulnerabilities5000