Lucene search
K
EuvdMost viewed

417808 matches found

EUVD
EUVD
added 2026/06/09 3:47 a.m.17 views

EUVD-2026-35320

In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17...

7.5CVSS5.4AI score0.00573EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 12:33 a.m.17 views

EUVD-2026-35251

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

9.6CVSS6AI score0.00337EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 12:33 a.m.17 views

EUVD-2026-35228

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...

6.8CVSS5.5AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 3:0 a.m.17 views

EUVD-2026-35013

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

7.5CVSS7.1AI score0.0029EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 1:55 a.m.17 views

EUVD-2023-60581

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

8.7CVSS6.7AI score0.00532EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 12:30 a.m.17 views

EUVD-2026-34994

A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor...

7.5CVSS5.1AI score0.00313EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/04 1:26 a.m.17 views

EUVD-2026-34190

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 12:30 a.m.17 views

EUVD-2026-34184

Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 4:6 p.m.17 views

EUVD-2026-34135

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability...

6.1CVSS6AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 3:50 p.m.17 views

EUVD-2026-34130

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

5.7AI score0.00113EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/03 3:49 p.m.17 views

EUVD-2025-210057

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

5.8AI score0.00122EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/03 5:56 a.m.17 views

EUVD-2026-34067

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 12:0 a.m.17 views

EUVD-2026-34154

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

5.8AI score0.00137EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.17 views

EUVD-2026-34178

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

5.8AI score0.00228EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/02 7:48 a.m.17 views

EUVD-2026-33898

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/02 1:30 a.m.17 views

EUVD-2026-33871

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmmstatesecuritymode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...

3.1CVSS5AI score0.00224EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/02 12:31 a.m.17 views

EUVD-2026-33822

Memory Corruption when processing fastboot commands to set display mode...

7.2CVSS5.8AI score0.00097EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.17 views

EUVD-2026-33810

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.2AI score0.00075EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.17 views

EUVD-2026-33781

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.17 views

EUVD-2026-33798

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.17 views

EUVD-2026-33779

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00068EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.17 views

EUVD-2026-33768

In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:0 a.m.17 views

EUVD-2026-33969

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.5AI score0.00322EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 6:31 p.m.17 views

EUVD-2026-33701

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...

7.8CVSS6.2AI score0.00144EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 6:0 p.m.17 views

EUVD-2026-33739

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/01 5:46 p.m.17 views

EUVD-2026-33732

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

9.1CVSS5.8AI score0.0033EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 5:13 p.m.17 views

EUVD-2026-33720

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

6.8CVSS5.7AI score0.00252EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 5:9 p.m.17 views

EUVD-2026-33717

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.2CVSS6.7AI score0.01104EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/01 4:57 p.m.17 views

EUVD-2026-33709

Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member a person added via email address who does not have a Nextcloud account, the...

6.4CVSS5.7AI score0.00293EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:52 p.m.17 views

EUVD-2026-33705

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if lang is used in the template directory config value, non-admin users can in some cases copy arbitrary files depending on unix permissions into...

4.4CVSS5.9AI score0.00392EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 2:41 p.m.17 views

EUVD-2026-33651

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

7.1CVSS5.8AI score0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 11:45 a.m.17 views

EUVD-2026-33633

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...

6.9CVSS5.8AI score0.00329EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 5:30 a.m.17 views

EUVD-2026-33561

A vulnerability was found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admissionformcheck.php. The manipulation of the argument Message results in cross site scripting. The attack can be...

5.1CVSS4.2AI score0.00199EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 3:20 a.m.17 views

EUVD-2026-33544

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/31 1:0 p.m.17 views

EUVD-2026-33504

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...

6.5CVSS6.4AI score0.01072EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/31 12:31 a.m.17 views

EUVD-2026-33473

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

5.3CVSS4.4AI score0.0028EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/30 4:0 p.m.17 views

EUVD-2026-33468

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

9CVSS6.4AI score0.00447EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/30 12:30 p.m.17 views

EUVD-2026-33460

A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogspoolidcalloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been made available to the public and could...

5.3CVSS5.5AI score0.00271EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/30 9:29 a.m.17 views

EUVD-2026-33454

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.01174EPSS
Exploits3References6
EUVD
EUVD
added 2026/05/29 7:7 p.m.17 views

EUVD-2026-33423

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 3:11 p.m.17 views

EUVD-2026-33336

OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should...

6.5CVSS5.8AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 1:45 p.m.17 views

EUVD-2026-33322

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

9CVSS7.8AI score0.00835EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/29 12:39 p.m.17 views

EUVD-2026-33293

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

4.6CVSS5.8AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 10:58 a.m.17 views

EUVD-2025-209998

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host...

7.5CVSS6AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 8:37 a.m.17 views

EUVD-2026-33268

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 2:0 a.m.17 views

EUVD-2026-33244

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

7.3CVSS5.8AI score0.0009EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 12:38 a.m.17 views

EUVD-2026-33129

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: High...

6.2AI score0.00099EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.17 views

EUVD-2026-33121

Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00128EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.17 views

EUVD-2026-33083

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.17 views

EUVD-2026-33096

Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00214EPSS
Exploits0References3
Total number of security vulnerabilities5000