
417606 matches found

EUVD • added 2026/05/30 12:30 p.m. • 17 views

EUVD-2026-33460

A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogspoolidcalloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been made available to the public and could...

CVSS 5.3 • AI score 5.5 • EPSS 0.00271
Exploits 0 • References 5

EUVD • added 2026/05/30 9:29 a.m. • 17 views

EUVD-2026-33454

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

CVSS 8.8 • AI score 6.1 • EPSS 0.01174
Exploits 3 • References 6

EUVD • added 2026/05/29 7:7 p.m. • 17 views

EUVD-2026-33423

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

CVSS 3.3 • AI score 5.8 • EPSS 0.00111
Exploits 0 • References 2

EUVD • added 2026/05/29 5:18 p.m. • 17 views

EUVD-2026-33376

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...

CVSS 9.3 • AI score 5.8 • EPSS 0.0017
Exploits 0 • References 1

EUVD • added 2026/05/29 3:11 p.m. • 17 views

EUVD-2026-33336

OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should...

CVSS 6.5 • AI score 5.8 • EPSS 0.00155
Exploits 0 • References 2

EUVD • added 2026/05/29 1:45 p.m. • 17 views

EUVD-2026-33322

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

CVSS 9 • AI score 7.8 • EPSS 0.00835
Exploits 1 • References 4

EUVD • added 2026/05/29 10:58 a.m. • 17 views

EUVD-2025-209998

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host...

CVSS 7.5 • AI score 6 • EPSS 0.0012
Exploits 0 • References 1

EUVD • added 2026/05/29 8:37 a.m. • 17 views

EUVD-2026-33268

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

CVSS 4.8 • AI score 5.8 • EPSS 0.00176
Exploits 0 • References 2

EUVD • added 2026/05/29 5:32 a.m. • 17 views

EUVD-2025-209981

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

CVSS 8.8 • AI score 6 • EPSS 0.00378
Exploits 0 • References 2

EUVD • added 2026/05/29 2:0 a.m. • 17 views

EUVD-2026-33244

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security...

CVSS 7.3 • AI score 5.8 • EPSS 0.0009
Exploits 0 • References 1

EUVD • added 2026/05/29 12:38 a.m. • 17 views

EUVD-2026-33116

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

AI score 5.8 • EPSS 0.00207
Exploits 0 • References 3

EUVD • added 2026/05/29 12:38 a.m. • 17 views

EUVD-2026-33129

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: High...

AI score 6.2 • EPSS 0.00099
Exploits 0 • References 3

EUVD • added 2026/05/29 12:38 a.m. • 17 views

EUVD-2026-33083

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

AI score 6.2 • EPSS 0.00303
Exploits 0 • References 3

EUVD • added 2026/05/29 12:38 a.m. • 17 views

EUVD-2026-33164

Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

AI score 6.2 • EPSS 0.00151
Exploits 0 • References 3

EUVD • added 2026/05/28 8:17 p.m. • 17 views

EUVD-2026-33017

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data...

CVSS 9.9 • AI score 5.8 • EPSS 0.00352
Exploits 0 • References 1

EUVD • added 2026/05/28 8:17 p.m. • 17 views

EUVD-2026-33036

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 9.8 • AI score 5.8 • EPSS 0.00461
Exploits 0 • References 1

EUVD • added 2026/05/28 7:48 p.m. • 17 views

EUVD-2026-33033

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

CVSS 6.5 • AI score 5.8 • EPSS 0.00262
Exploits 0 • References 1

EUVD • added 2026/05/28 6:28 p.m. • 17 views

EUVD-2026-32986

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free UAF and, theoretically, arbitrary code execution...

CVSS 7.8 • AI score 6.1 • EPSS 0.00114
Exploits 0 • References 1

EUVD • added 2026/05/28 5:17 p.m. • 17 views

EUVD-2026-32959

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVSS 6 • AI score 5.8 • EPSS 0.00105
Exploits 0 • References 2

EUVD • added 2026/05/28 5:12 p.m. • 17 views

EUVD-2026-32958

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storagefolder inside PKGDIR or userdir, but does NOT protect the Flask session directory /tmp/pyLoad/flask. An authenticated attacker can set storagefolder to...

CVSS 8.8 • AI score 5.8 • EPSS 0.00529
Exploits 1 • References 1

EUVD • added 2026/05/28 12:52 p.m. • 17 views

EUVD-2026-32895

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

CVSS 2.1 • AI score 6.4 • EPSS 0.0037
Exploits 0 • References 1

EUVD • added 2026/05/28 9:40 a.m. • 17 views

EUVD-2026-32752

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

AI score 5.9 • EPSS 0.00129
Exploits 0 • References 5

EUVD • added 2026/05/28 9:40 a.m. • 17 views

EUVD-2026-32751

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

AI score 5.8 • EPSS 0.00119
Exploits 0 • References 5

EUVD • added 2026/05/28 9:40 a.m. • 17 views

EUVD-2026-32851

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xedmabufinitobj on allocation failure When drmgpuvmresvobjectalloc fails, the pre-allocated storage bo is not freed. Add xebofreestorage before returning the error. xedmabufinitobj calls xeboinitlocked, whi...

AI score 5.8 • EPSS 0.00117
Exploits 0 • References 3

EUVD • added 2026/05/28 9:36 a.m. • 17 views

EUVD-2026-32815

In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...

AI score 5.8 • EPSS 0.00127
Exploits 0 • References 4

EUVD • added 2026/05/27 5:9 p.m. • 17 views

EUVD-2026-32602

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

CVSS 8.8 • AI score 6 • EPSS 0.00261
Exploits 0 • References 2

EUVD • added 2026/05/27 3:33 p.m. • 17 views

EUVD-2026-32251

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

AI score 5.8 • EPSS 0.00107
Exploits 0 • References 3

EUVD • added 2026/05/27 3:33 p.m. • 17 views

EUVD-2026-32213

In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpnnetxmit When building the skblist in ovpnnetxmit, skbsharecheck will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent...

AI score 5.8 • EPSS 0.00157
Exploits 0 • References 4

EUVD • added 2026/05/27 2:59 p.m. • 17 views

EUVD-2026-32546

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...

CVSS 2.3 • AI score 5.8 • EPSS 0.00365
Exploits 0 • References 1

EUVD • added 2026/05/27 2:13 p.m. • 17 views

EUVD-2026-32510

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

CVSS 6.6 • AI score 5.8 • EPSS 0.0027
Exploits 0 • References 1

EUVD • added 2026/05/27 12:56 p.m. • 17 views

EUVD-2026-32415

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

AI score 5.7 • EPSS 0.00122
Exploits 0 • References 4

EUVD • added 2026/05/27 9:49 a.m. • 17 views

EUVD-2026-32206

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS. This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

CVSS 7.1 • AI score 5.8 • EPSS 0.00146
Exploits 0 • References 1

EUVD • added 2026/05/27 9:49 a.m. • 17 views

EUVD-2026-32184

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS. This issue affects WPCS: from n/a through = 1.3.1...

CVSS 7.1 • AI score 5.8 • EPSS 0.0018
Exploits 0 • References 1

EUVD • added 2026/05/27 9:24 a.m. • 17 views

EUVD-2026-32168

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

AI score 5.8 • EPSS 0.00114
Exploits 0 • References 5

EUVD • added 2026/05/27 8:40 a.m. • 17 views

EUVD-2025-209961

A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files...

CVSS 8.6 • AI score 6 • EPSS 0.00368
Exploits 0 • References 1

EUVD • added 2026/05/27 5:31 a.m. • 17 views

EUVD-2026-32078

The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes 'title', 'align', and 'width' in the tuxquotebuildforma...

CVSS 6.4 • AI score 6 • EPSS 0.00187
Exploits 0 • References 3

EUVD • added 2026/05/26 10:15 p.m. • 17 views

EUVD-2026-32020

A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used...

CVSS 5.3 • AI score 5.5 • EPSS 0.00222
Exploits 0 • References 7

EUVD • added 2026/05/26 9:21 p.m. • 17 views

EUVD-2026-32007

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of set directives in Velocity templates. If an application renders a template controll...

CVSS 8.3 • AI score 5.9 • EPSS 0.00505
Exploits 1 • References 1

EUVD • added 2026/05/26 8:45 p.m. • 17 views

EUVD-2026-31996

A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been released ...

CVSS 5.3 • AI score 5.4 • EPSS 0.00159
Exploits 0 • References 6

EUVD • added 2026/05/26 8:33 p.m. • 17 views

EUVD-2026-31991

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

CVSS 5.3 • AI score 5.8 • EPSS 0.00198
Exploits 0 • References 1

EUVD • added 2026/05/26 8:2 p.m. • 17 views

EUVD-2026-31982

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP request or bind the nonce to the admin's session. If the admin's auth.api.signUpEmail call fails...

CVSS 4.8 • AI score 5.8 • EPSS 0.00118
Exploits 0 • References 1

EUVD • added 2026/05/26 7:27 p.m. • 17 views

EUVD-2026-31960

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

CVSS 5.4 • AI score 5.6 • EPSS 0.00218
Exploits 0 • References 2

EUVD • added 2026/05/26 7:0 p.m. • 17 views

EUVD-2026-31958

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...

CVSS 7.5 • AI score 7 • EPSS 0.00259
Exploits 0 • References 5

EUVD • added 2026/05/26 6:23 p.m. • 17 views

EUVD-2026-31954

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...

CVSS 9.8 • AI score 5.8 • EPSS 0.0058
Exploits 0 • References 1

EUVD • added 2026/05/26 5:45 p.m. • 17 views

EUVD-2026-31945

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...

CVSS 4.8 • AI score 5.2 • EPSS 0.00115
Exploits 0 • References 7

EUVD • added 2026/05/26 5:43 p.m. • 17 views

EUVD-2026-31943

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

CVSS 8.7 • AI score 5.8 • EPSS 0.00211
Exploits 0 • References 2

EUVD • added 2026/05/26 5:42 p.m. • 17 views

EUVD-2026-31942

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

CVSS 8.7 • AI score 5.8 • EPSS 0.00211
Exploits 0 • References 2

EUVD • added 2026/05/26 5:24 p.m. • 17 views

EUVD-2026-31933

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

CVSS 4.3 • AI score 5.8 • EPSS 0.00258
Exploits 0 • References 2

EUVD • added 2026/05/26 5:19 p.m. • 17 views

EUVD-2026-31926

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

CVSS 6.5 • AI score 5.8 • EPSS 0.0016
Exploits 0 • References 3

EUVD • added 2026/05/26 5:17 p.m. • 17 views

EUVD-2026-31924

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of...

CVSS 5.6 • AI score 5.8 • EPSS 0.00155
Exploits 0 • References 3

Total number of security vulnerabilities: 5000