EUVD: Most viewed

417556 matches found

added 2026/05/05 6:31 a.m., 16 views

EUVD-2026-27221

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the...

CVSS 10 | AI score 5.6 | EPSS 0.01788
Exploits: 0 | References: 6

added 2026/05/05 12:34 a.m., 16 views

EUVD-2026-25605

Axios: unbounded recursion in toFormData causes DoS via deeply nested request data...

CVSS 7.5 | AI score 5.8 | EPSS 0.00744
Exploits: 1 | References: 2

added 2026/05/05 12:20 a.m., 16 views

EUVD-2026-25608

Axios: Incomplete Fix for CVE-2025-62718 — NOPROXY Protection Bypassed via RFC 1122 Loopback Subnet 127.0.0.0/8 in Axios 1.15.0...

CVSS 10 | AI score 6.2 | EPSS 0.01186
Exploits: 2 | References: 2

added 2026/05/04 8:45 a.m., 16 views

EUVD-2026-26941

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The...

CVSS 9 | AI score 6.2 | EPSS 0.00563
Exploits: 0 | References: 5

added 2026/05/03 6:15 a.m., 16 views

EUVD-2026-26820

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...

CVSS 6.5 | AI score 5.5 | EPSS 0.01158
Exploits: 0 | References: 4

added 2026/05/03 3:0 a.m., 16 views

EUVD-2026-26810

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...

CVSS 5.3 | AI score 5.4 | EPSS 0.00365
Exploits: 0 | References: 4

added 2026/05/01 2:14 p.m., 16 views

EUVD-2026-26541

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uether: Fix race between getherdisconnect and ethstop A race condition between getherdisconnect and ethstop leads to a NULL pointer dereference. Specifically, if ethstop is triggered concurrently while getherdisconne...

AI score 5.8 | EPSS 0.00089
Exploits: 0 | References: 8

added 2026/05/01 12:0 a.m., 16 views

EUVD-2026-26531

A heap-based buffer overflow in hextobinary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When datatypeenum=1,...

CVSS 9.8 | AI score 6.4 | EPSS 0.00444
Exploits: 1 | References: 1

added 2026/04/30 2:53 p.m., 16 views

EUVD-2026-26381

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

CVSS 5.4 | AI score 5.3 | EPSS 0.00232
Exploits: 0 | References: 2

added 2026/04/26 6:30 a.m., 16 views

EUVD-2026-25698

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

CVSS 6.5 | AI score 6.3 | EPSS 0.00365
Exploits: 1 | References: 4

added 2026/04/25 2:30 p.m., 16 views

EUVD-2026-25658

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

CVSS 6.5 | AI score 6.2 | EPSS 0.00241
Exploits: 0 | References: 5

added 2026/04/24 2:42 p.m., 16 views

EUVD-2026-25478

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on startstreaming failure syzbot reported a memory leak in vidtvpsiservicedescinit 1. When vidtvstartstreaming fails inside vidtvstartfeed, the nfeeds counter is left incremented even...

AI score 5.5 | EPSS 0.00125
Exploits: 0 | References: 4

added 2026/04/22 3:31 p.m., 16 views

EUVD-2026-24921

In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmuctx-pmu for groups Oliver reported that x86pmudel ended up doing an out-of-bound memory access when groupschedin fails and needs to roll back. This should be handled by the transaction callbacks, but he...

AI score 5.5 | EPSS 0.00129
Exploits: 0 | References: 6

added 2026/04/21 9:31 p.m., 16 views

EUVD-2026-24362

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

CVSS 7.5 | AI score 5.8 | EPSS 0.00635
Exploits: 0 | References: 2

added 2026/04/21 3:32 p.m., 16 views

EUVD-2026-24113

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10...

CVSS 7.5 | AI score 5.8 | EPSS 0.00269
Exploits: 0 | References: 5

added 2026/04/14 6:30 p.m., 16 views

EUVD-2026-22561

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...

CVSS 6.7 | AI score 5.8 | EPSS 0.0025
Exploits: 0 | References: 2

added 2026/04/14 6:30 p.m., 16 views

EUVD-2026-22449

Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.7 | EPSS 0.00206
Exploits: 0 | References: 2

added 2026/04/13 6:30 p.m., 16 views

EUVD-2026-22012

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chkprodavailability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit i...

CVSS 7.5 | AI score 5.7 | EPSS 0.00254
Exploits: 0 | References: 6

added 2026/04/09 12:31 a.m., 16 views

EUVD-2026-20781

OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...

CVSS 7.1 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 4

added 2026/04/05 9:30 p.m., 16 views

EUVD-2026-19123

A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the function loadfilesfromdisk/listfilesfromdisk/savecontenttofile/savememoryartifactstodisk of the component FileManagerTool. Such manipulation leads to path traversal. The attack may be...

CVSS 6.5 | AI score 5.3 | EPSS 0.00339
Exploits: 0 | References: 5

added 2026/04/01 6:36 p.m., 16 views

EUVD-2024-55520

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request...

CVSS 9.8 | AI score 6.2 | EPSS 0.01531
Exploits: 0 | References: 3

added 2026/03/26 6:31 p.m., 16 views

EUVD-2026-16245

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVSS 4.3 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 2

added 2026/03/25 9:31 a.m., 16 views

EUVD-2026-15194

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

CVSS 6.9 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 3

added 2026/03/23 8:28 p.m., 16 views

EUVD-2026-14516

MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL...

CVSS 9.3 | AI score 5.8 | EPSS 0.00413
Exploits: 1 | References: 2

added 2026/03/23 12:30 p.m., 16 views

EUVD-2026-14407

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 7.5 | AI score 5.9 | EPSS 0.00443
Exploits: 0 | References: 3

added 2026/03/20 3:31 p.m., 16 views

EUVD-2026-13688

Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...

AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 2

added 2026/03/19 9:30 p.m., 16 views

EUVD-2026-13178

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 5.3 | AI score 5.8 | EPSS 0.00633
Exploits: 0 | References: 2

added 2026/03/10 9:32 p.m., 16 views

EUVD-2025-208538

Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etcro/shadow, which allows attackers to log in as root...

AI score 5.8 | EPSS 0.00179
Exploits: 1 | References: 3

added 2026/03/07 9:30 a.m., 16 views

EUVD-2026-10139

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

AI score 5.8 | EPSS 0.00633
Exploits: 0 | References: 2

added 2026/03/05 9:30 p.m., 16 views

EUVD-2025-208321

A denial-of-service DoS vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610...

CVSS 6.9 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 4

added 2026/03/05 6:31 p.m., 16 views

EUVD-2026-9828

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android HTTP API client, TLS transport modules allows Adversary in the Middle AiTM. This vulnerability is associated with program files src/hbbshttp/httpclient.Rs and...

CVSS 9.1 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 2

added 2026/03/05 6:30 a.m., 16 views

EUVD-2026-9760

Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection. This issue affects Good Energy: from n/a through = 1.7.7...

CVSS 9.8 | AI score 5.9 | EPSS 0.00375
Exploits: 0 | References: 2

added 2026/03/04 9:32 p.m., 16 views

EUVD-2025-208287

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard...

AI score 6.1 | EPSS 0.00485
Exploits: 1 | References: 4

added 2026/03/04 6:31 p.m., 16 views

EUVD-2026-9460

Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this...

CVSS 5.8 | AI score 6 | EPSS 0.00432
Exploits: 0 | References: 2

added 2026/03/04 3:30 p.m., 16 views

EUVD-2025-208267

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...

CVSS 4.4 | AI score 6 | EPSS 0.00162
Exploits: 0 | References: 2

added 2026/02/14 4:27 p.m., 16 views

EUVD-2026-5847

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read returns an invalid length, zero or I2CSMBUSBLOCKMAX, the length handler sets the state to IMXI2CSTATEFAILED. However, i2cimxmasterisr unconditionally...

AI score 5.2 | EPSS 0.001
Exploits: 0 | References: 2

added 2026/01/29 9:37 p.m., 16 views

EUVD-2026-4948

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

CVSS 2.9 | AI score 6.1 | EPSS 0.00113
Exploits: 0 | References: 1

added 2026/01/08 10:40 p.m., 16 views

EUVD-2025-206267

Authlib has 1-click Account Takeover vulnerability...

CVSS 5.7 | AI score 6.2 | EPSS 0.00237
Exploits: 1 | References: 4

added 2025/12/24 3:30 p.m., 16 views

EUVD-2023-60327

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before th...

AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 6

added 2025/12/16 3:27 p.m., 16 views

EUVD-2025-203763

In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...

CVSS 6.5 | AI score 6.4 | EPSS 0.00177
Exploits: 0 | References: 2

added 2025/12/09 5:55 p.m., 16 views

EUVD-2025-202221

Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network...

CVSS 8.8 | AI score 6.9 | EPSS 0.00659
Exploits: 0 | References: 2

added 2025/12/02 2:0 a.m., 16 views

EUVD-2024-55112

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

CVSS 8.4 | AI score 5.9 | EPSS 0.00098
Exploits: 0 | References: 2

added 2025/11/24 3:30 p.m., 16 views

EUVD-2025-198706

Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...

CVSS 4.3 | AI score 6.2 | EPSS 0.00226
Exploits: 0 | References: 3

added 2025/11/13 9:31 p.m., 16 views

EUVD-2025-175376

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

AI score 7.7 | EPSS 0.01366
Exploits: 1 | References: 5

added 2025/11/13 3:23 a.m., 16 views

EUVD-2025-177889

Malicious code in mesosphere-planckscale-quark-promise npm...

AI score 6.6
Exploits: 0

added 2025/11/04 1:47 p.m., 16 views

EUVD-2025-37740

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...

CVSS 9.8 | AI score 7 | EPSS 0.00593
Exploits: 0 | References: 2

added 2025/10/15 3:30 p.m., 16 views

EUVD-2025-34631

When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVSS 8.2 | AI score 6.3 | EPSS 0.00317
Exploits: 0 | References: 2

added 2025/10/15 4:29 a.m., 16 views

EUVD-2025-34514

In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as a result, to obtain a thread with higher priority than expected and causing a possible denial of service...

CVSS 5.7 | AI score 6.3 | EPSS 0.00157
Exploits: 1 | References: 1

added 2025/10/14 9:30 p.m., 16 views

EUVD-2025-34474

Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...

CVSS 7.8 | AI score 6.5 | EPSS 0.00201
Exploits: 0 | References: 2

added 2025/10/07 12:30 a.m., 16 views

EUVD-2010-1216

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.04727
Exploits: 6 | References: 9

Total number of security vulnerabilities: 5000