417556 matches found
EUVD-2026-27221
A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the...
EUVD-2026-25605
Axios: unbounded recursion in toFormData causes DoS via deeply nested request data...
EUVD-2026-25608
Axios: Incomplete Fix for CVE-2025-62718 — NOPROXY Protection Bypassed via RFC 1122 Loopback Subnet 127.0.0.0/8 in Axios 1.15.0...
EUVD-2026-26941
A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The...
EUVD-2026-26820
A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...
EUVD-2026-26810
A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...
EUVD-2026-26541
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uether: Fix race between getherdisconnect and ethstop A race condition between getherdisconnect and ethstop leads to a NULL pointer dereference. Specifically, if ethstop is triggered concurrently while getherdisconne...
EUVD-2026-26531
A heap-based buffer overflow in hextobinary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When datatypeenum=1,...
EUVD-2026-26381
When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...
EUVD-2026-25698
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...
EUVD-2026-25658
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
EUVD-2026-25478
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on startstreaming failure syzbot reported a memory leak in vidtvpsiservicedescinit 1. When vidtvstartstreaming fails inside vidtvstartfeed, the nfeeds counter is left incremented even...
EUVD-2026-24921
In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmuctx-pmu for groups Oliver reported that x86pmudel ended up doing an out-of-bound memory access when groupschedin fails and needs to roll back. This should be handled by the transaction callbacks, but he...
EUVD-2026-24362
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...
EUVD-2026-24113
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10...
EUVD-2026-22561
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...
EUVD-2026-22449
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally...
EUVD-2026-22012
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chkprodavailability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit i...
EUVD-2026-20781
OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...
EUVD-2026-19123
A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the function loadfilesfromdisk/listfilesfromdisk/savecontenttofile/savememoryartifactstodisk of the component FileManagerTool. Such manipulation leads to path traversal. The attack may be...
EUVD-2024-55520
A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request...
EUVD-2026-16245
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...
EUVD-2026-15194
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
EUVD-2026-14516
MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL...
EUVD-2026-14407
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
EUVD-2026-13688
Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...
EUVD-2026-13178
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
EUVD-2025-208538
Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etcro/shadow, which allows attackers to log in as root...
EUVD-2026-10139
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...
EUVD-2025-208321
A denial-of-service DoS vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610...
EUVD-2026-9828
Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android HTTP API client, TLS transport modules allows Adversary in the Middle AiTM. This vulnerability is associated with program files src/hbbshttp/httpclient.Rs and...
EUVD-2026-9760
Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through = 1.7.7...
EUVD-2025-208287
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard...
EUVD-2026-9460
Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this...
EUVD-2025-208267
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...
EUVD-2026-5847
In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read returns an invalid length, zero or I2CSMBUSBLOCKMAX, the length handler sets the state to IMXI2CSTATEFAILED. However, i2cimxmasterisr unconditionally...
EUVD-2026-4948
Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...
EUVD-2025-206267
Authlib has 1-click Account Takeover vulnerability...
EUVD-2023-60327
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before th...
EUVD-2025-203763
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
EUVD-2025-202221
Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network...
EUVD-2024-55112
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...
EUVD-2025-198706
Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...
EUVD-2025-175376
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...
EUVD-2025-177889
Malicious code in mesosphere-planckscale-quark-promise npm...
EUVD-2025-37740
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
EUVD-2025-34631
When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
EUVD-2025-34514
In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as a result, to obtain a thread with higher priority than expected and causing a possible denial of service...
EUVD-2025-34474
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
EUVD-2010-1216
Malware in sbrugna...