
417612 matches found

EUVD
added 2026/06/01 8:15 p.m. | 16 views

EUVD-2026-33763

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name/email/people/number results in cross site scripting. The attack can be initiated remotely. The...

CVSS 5.3 | AI score 4.3 | EPSS 0.00338
Exploits: 0 | References: 6
EUVD
added 2026/06/01 6:16 p.m. | 16 views

EUVD-2026-33744

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00393
Exploits: 0 | References: 4
EUVD
added 2026/06/01 6:15 p.m. | 16 views

EUVD-2026-33743

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

CVSS 7.5 | AI score 6.8 | EPSS 0.0041
Exploits: 0 | References: 8
EUVD
added 2026/06/01 6:1 p.m. | 16 views

EUVD-2026-33740

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

CVSS 8.5 | AI score 6.5 | EPSS 0.00487
Exploits: 0 | References: 1
EUVD
added 2026/06/01 5:46 p.m. | 16 views

EUVD-2026-33732

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

CVSS 9.1 | AI score 5.8 | EPSS 0.0033
Exploits: 0 | References: 1
EUVD
added 2026/06/01 5:20 p.m. | 16 views

EUVD-2026-33723

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

CVSS 8.2 | AI score 5.8 | EPSS 0.00315
Exploits: 0 | References: 3
EUVD
added 2026/06/01 5:18 p.m. | 16 views

EUVD-2026-33722

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVSS 4.3 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 4
EUVD
added 2026/06/01 5:13 p.m. | 16 views

EUVD-2026-33720

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

CVSS 6.8 | AI score 5.7 | EPSS 0.00252
Exploits: 0 | References: 3
EUVD
added 2026/06/01 5:9 p.m. | 16 views

EUVD-2026-33718

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

CVSS 5.9 | AI score 5.7 | EPSS 0.0029
Exploits: 0 | References: 3
EUVD
added 2026/06/01 4:59 p.m. | 16 views

EUVD-2026-33711

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

CVSS 4.3 | AI score 5.8 | EPSS 0.00281
Exploits: 1 | References: 4
EUVD
added 2026/06/01 4:57 p.m. | 16 views

EUVD-2026-33710

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that were provided by LDAP to still authenticate towards user OIDC after they were deleted. This issue has been patched in version 8.4.0...

CVSS 4.6 | AI score 5.7 | EPSS 0.00193
Exploits: 0 | References: 3
EUVD
added 2026/06/01 4:51 p.m. | 16 views

EUVD-2026-33702

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to force the system to share a file with approvers. This results in an authorization bypass and...

CVSS 6.5 | AI score 5.7 | EPSS 0.00358
Exploits: 0 | References: 3
EUVD
added 2026/06/01 2:55 p.m. | 16 views

EUVD-2026-33658

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

CVSS 9.2 | AI score 6.6 | EPSS 0.26468
Exploits: 3 | References: 1
EUVD
added 2026/06/01 2:54 p.m. | 16 views

EUVD-2026-33657

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

CVSS 9.8 | AI score 5.8 | EPSS 0.00331
Exploits: 0 | References: 1
EUVD
added 2026/06/01 2:47 p.m. | 16 views

EUVD-2026-33655

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

CVSS 9.1 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 1
EUVD
added 2026/06/01 2:41 p.m. | 16 views

EUVD-2026-33651

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

CVSS 7.1 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 1
EUVD
added 2026/06/01 1:45 p.m. | 16 views

EUVD-2026-33644

A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...

CVSS 7.5 | AI score 6.8 | EPSS 0.00269
Exploits: 0 | References: 6
EUVD
added 2026/06/01 7:51 a.m. | 16 views

EUVD-2026-33592

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

AI score 5.8 | EPSS 0.00458
Exploits: 0 | References: 2
EUVD
added 2026/06/01 7:51 a.m. | 16 views

EUVD-2026-33591

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

AI score 5.8 | EPSS 0.00369
Exploits: 0 | References: 2
EUVD
added 2026/06/01 7:47 a.m. | 16 views

EUVD-2026-33586

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5. It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

CVSS 5.3 | AI score 5.9 | EPSS 0.00183
Exploits: 0 | References: 1
EUVD
added 2026/06/01 6:30 a.m. | 16 views

EUVD-2026-33565

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

CVSS 5.3 | AI score 5.6 | EPSS 0.00115
Exploits: 0 | References: 7
EUVD
added 2026/05/31 3:30 a.m. | 16 views

EUVD-2026-33487

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

CVSS 7.5 | AI score 5.5 | EPSS 0.00409
Exploits: 0 | References: 4
EUVD
added 2026/05/31 12:31 a.m. | 16 views

EUVD-2026-33472

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handleamfinfo in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nfinfopool can lead to resource consumption. The attack may be performed from...

CVSS 5.3 | AI score 5.4 | EPSS 0.00277
Exploits: 0 | References: 6
EUVD
added 2026/05/29 7:3 p.m. | 16 views

EUVD-2026-33422

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...

CVSS 8.7 | AI score 5.8 | EPSS 0.00311
Exploits: 0 | References: 3
EUVD
added 2026/05/29 6:15 p.m. | 16 views

EUVD-2026-33416

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVSS 8.7 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 1
EUVD
added 2026/05/29 5:44 p.m. | 16 views

EUVD-2026-33400

Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials...

CVSS 8.7 | AI score 5.8 | EPSS 0.00226
Exploits: 0 | References: 3
EUVD
added 2026/05/29 4:41 p.m. | 16 views

EUVD-2026-33363

A stored cross-site scripting XSS vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

CVSS 8.4 | AI score 5.7 | EPSS 0.00373
Exploits: 0 | References: 3
EUVD
added 2026/05/29 3:12 p.m. | 16 views

EUVD-2026-33339

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

CVSS 4.8 | AI score 5.9 | EPSS 0.00185
Exploits: 0 | References: 2
EUVD
added 2026/05/29 3:11 p.m. | 16 views

EUVD-2026-33337

OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 2
EUVD
added 2026/05/29 8:34 a.m. | 16 views

EUVD-2026-33267

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

CVSS 4.8 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 2
EUVD
added 2026/05/29 8:30 a.m. | 16 views

EUVD-2026-33266

Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...

CVSS 8.3 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 1
EUVD
added 2026/05/29 2:27 a.m. | 16 views

EUVD-2026-33247

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 9
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33117

Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33137

Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33132

Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33128

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00145
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33121

Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33124

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00184
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33125

Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

AI score 6.2 | EPSS 0.00255
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33120

Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

AI score 6.2 | EPSS 0.00234
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33106

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

AI score 6.2 | EPSS 0.00233
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33140

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33103

Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33086

Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33100

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33096

Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33224

Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 3
EUVD
added 2026/05/29 12:38 a.m. | 16 views

EUVD-2026-33066

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

CVSS 8.7 | AI score 5.8 | EPSS 0.01403
Exploits: 0 | References: 6
EUVD
added 2026/05/29 12:0 a.m. | 16 views

EUVD-2026-33351

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

CVSS 7.2 | AI score 6.1 | EPSS 0.00782
Exploits: 1 | References: 2
EUVD
added 2026/05/28 8:17 p.m. | 16 views

EUVD-2026-33048

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Payroll. Successful...

CVSS 8.8 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000