Lucene search
K
EuvdMost viewed

417923 matches found

EUVD
EUVD
•added 2026/05/14 8:32 p.m.•18 views

EUVD-2026-30480

HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...

9.3CVSS5.8AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/14 5:36 p.m.•18 views

EUVD-2025-209858

Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/14 8:24 a.m.•18 views

EUVD-2026-30257

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $REQUEST superglobal without performing any...

5.3CVSS5.8AI score0.00445EPSS
Exploits1References2
EUVD
EUVD
•added 2026/05/14 5:33 a.m.•18 views

EUVD-2026-30241

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS5.8AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/13 9:32 p.m.•18 views

EUVD-2026-30135

A denial of service DoS vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet...

7.1CVSS5.8AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/13 9:32 p.m.•18 views

EUVD-2026-30138

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/13 6:30 p.m.•18 views

EUVD-2026-30022

In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix setaccessflags no-op check for SMMU/ATS faults contpteptepsetaccessflags compared the gathered ptepget value against the requested entry to detect no-ops. ptepget ORs AF/dirty from all sub-PTEs in the CONT...

5.8AI score0.00114EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/13 6:30 p.m.•18 views

EUVD-2026-29977

When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 9:31 p.m.•18 views

EUVD-2026-29754

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.5CVSS5.8AI score0.00561EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•18 views

EUVD-2026-29681

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network...

9.8CVSS6.1AI score0.72253EPSS
Exploits31References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•18 views

EUVD-2026-29682

Improper control of generation of code 'code injection' in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network...

8.8CVSS6AI score0.00842EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•18 views

EUVD-2026-29654

Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00304EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•18 views

EUVD-2026-29651

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.04725EPSS
Exploits4References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•18 views

EUVD-2026-29621

Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00174EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•18 views

EUVD-2026-29642

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...

7.8CVSS5.8AI score0.00408EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•18 views

EUVD-2026-29612

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•18 views

EUVD-2026-29616

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•18 views

EUVD-2026-29586

Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.02014EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/12 4:59 p.m.•18 views

EUVD-2026-29696

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.0052EPSS
Exploits0References1
EUVD
EUVD
•added 2026/05/12 3:31 p.m.•18 views

EUVD-2026-29462

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/12 3:9 p.m.•18 views

EUVD-2026-29476

sealed-env: TOTP secret embedded in unseal token payload enterprise mode...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1
EUVD
EUVD
•added 2026/05/11 12:32 p.m.•18 views

EUVD-2026-29046

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/10 3:31 p.m.•18 views

EUVD-2022-55988

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET request...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/10 3:31 p.m.•18 views

EUVD-2021-34811

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/10 3:31 p.m.•18 views

EUVD-2022-55985

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/10 3:31 p.m.•18 views

EUVD-2022-55978

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

6.1CVSS5.9AI score0.00244EPSS
Exploits1References4
EUVD
EUVD
•added 2026/05/09 2:58 a.m.•18 views

EUVD-2026-28898

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...

8.9CVSS5.8AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 7:46 p.m.•18 views

EUVD-2026-28817

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

10CVSS5.7AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 3:31 p.m.•18 views

EUVD-2026-28699

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix chunk map leak in btrfsmapblock after btrfschunkmapnumcopies Fix a chunk map leak in btrfsmapblock: if we return early with -EINVAL, we're not freeing the chunk map that we've just looked up...

5.8AI score0.00122EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/08 3:31 p.m.•18 views

EUVD-2026-28710

In the Linux kernel, the following vulnerability has been resolved: mm: Fix a hmmrangefault livelock / starvation problem If hmmrangefault fails a foliotrylock in doswappage, trying to acquire the lock of a device-private folio for migration, to ram, the function will spin until it succeeds...

5.8AI score0.00093EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/08 3:31 p.m.•18 views

EUVD-2026-28610

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...

5.8AI score0.00083EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/08 12:31 p.m.•18 views

EUVD-2026-28542

A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker...

10CVSS6.3AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 9:31 a.m.•18 views

EUVD-2026-28537

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

2.9CVSS5.8AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 9:31 a.m.•18 views

EUVD-2026-28536

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

2.9CVSS5.8AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/08 12:31 a.m.•18 views

EUVD-2026-28457

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

8.1CVSS5.8AI score0.00827EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/07 3:38 p.m.•18 views

EUVD-2026-28369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/07 3:38 p.m.•18 views

EUVD-2026-28361

Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2...

7.3CVSS5.8AI score0.00317EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/07 3:38 p.m.•18 views

EUVD-2026-28358

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/07 4:18 a.m.•18 views

EUVD-2026-28315

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5CVSS5.7AI score0.00329EPSS
Exploits0References3
EUVD
EUVD
•added 2026/05/06 12:30 p.m.•18 views

EUVD-2026-27610

In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIGBRIDGEVLANFILTERING is not set, brvlangroup and nbpvlangroup return NULL brprivate.h stub definitions. The BRBOOLOPTFDBLOCALVLAN0 toggle code is compiled...

5.8AI score0.00121EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/06 12:30 p.m.•18 views

EUVD-2026-27626

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...

5.8AI score0.00114EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/06 12:30 p.m.•18 views

EUVD-2026-27612

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in ioam6filltracedata We need to check in6devget for possible NULL value, as suggested by Yiming Qian. Also add skbdstdevrcu instead of skbdstdev, and two missing READONCE. Note that @d...

5.7AI score0.00426EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/05 6:35 p.m.•18 views

EUVD-2026-27420

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.7AI score0.0048EPSS
Exploits1References1
EUVD
EUVD
•added 2026/05/05 6:33 p.m.•18 views

EUVD-2026-27335

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

6.1AI score0.01275EPSS
Exploits0References4
EUVD
EUVD
•added 2026/05/05 4:23 p.m.•18 views

EUVD-2026-26986

VM2 Has Sandbox Breakout Through Promise Species...

9.8CVSS5.8AI score0.00896EPSS
Exploits1References4
EUVD
EUVD
•added 2026/05/05 3:31 p.m.•18 views

EUVD-2026-27333

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function getcsrfwhites of the file /cgi/advanced/miscmain.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and...

10CVSS7.7AI score0.0063EPSS
Exploits0References5
EUVD
EUVD
•added 2026/05/05 9:31 a.m.•18 views

EUVD-2026-27227

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253...

9.3CVSS5.8AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
•added 2026/05/05 12:40 a.m.•18 views

EUVD-2026-25603

Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream...

5.3CVSS5.8AI score0.0024EPSS
Exploits1References2
EUVD
EUVD
•added 2026/05/05 12:18 a.m.•18 views

EUVD-2026-25590

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams...

3.7CVSS5.8AI score0.00217EPSS
Exploits1References2
EUVD
EUVD
•added 2026/05/04 6:5 a.m.•18 views

EUVD-2026-26902

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References1
Total number of security vulnerabilities5000