Lucene search
K
EuvdMost viewed

417608 matches found

EUVD
EUVD
added 2026/05/12 4:58 p.m.16 views

EUVD-2026-29622

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00332EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 12:32 p.m.16 views

EUVD-2026-29432

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application contains hardcoded key which is us...

8.7CVSS5.7AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 12:32 p.m.16 views

EUVD-2026-29423

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...

9.1CVSS5.7AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 9:31 p.m.16 views

EUVD-2026-29303

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...

5.8AI score0.00318EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/11 9:31 p.m.16 views

EUVD-2026-29257

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination...

5.8AI score0.00623EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/11 9:31 p.m.16 views

EUVD-2026-29251

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...

5.8AI score0.00462EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/11 6:31 p.m.16 views

EUVD-2026-29091

dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...

5.9AI score0.00754EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/11 3:31 a.m.16 views

EUVD-2026-29016

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnapservice of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotel...

9CVSS7.6AI score0.00997EPSS
Exploits2References6
EUVD
EUVD
added 2026/05/10 3:31 p.m.16 views

EUVD-2022-55984

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS5.7AI score0.00247EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/10 4:19 a.m.16 views

EUVD-2026-28966

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.5CVSS6.1AI score0.00739EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/09 9:32 p.m.16 views

EUVD-2026-28938

A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument method leads to cross-site request forgery. Remote exploitation of the attack is possible. Th...

5.3CVSS5.2AI score0.00162EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/09 7:16 p.m.16 views

EUVD-2026-28928

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3CVSS5.7AI score0.004EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/09 12:43 a.m.16 views

EUVD-2026-28876

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...

7.5CVSS6AI score0.00698EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/08 9:35 p.m.16 views

EUVD-2026-28839

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 8:24 p.m.16 views

EUVD-2026-27339

Phoenix: Long-poll NDJSON body splitting causes large memory allocation...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/08 6:31 p.m.16 views

EUVD-2026-28785

nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recvreadregistersres in nanomodbus.c. When a client calls nmbsreadholdingregisters or nmbsreadinputregisters, the library writes register data from the server response to the caller-provided buffer based on the response's bytecount...

8.2CVSS6.4AI score0.00639EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.16 views

EUVD-2026-28751

In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buffers already mapped for that skb. Because count is incremented after a successful mapping, it will...

5.8AI score0.00123EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/08 3:31 p.m.16 views

EUVD-2026-28690

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

5.7AI score0.00457EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/08 3:6 p.m.16 views

EUVD-2026-28655

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 12:31 p.m.16 views

EUVD-2026-28543

The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sky-custom-scripts custom post type in all versions up to, and including, 3.3.2. This is due to the custom post type being registered with capabilitytype = 'post' and showinrest = true, combined with...

6.4CVSS6AI score0.00244EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/08 3:51 a.m.16 views

EUVD-2026-28525

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

6.5CVSS5.7AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 3:38 p.m.16 views

EUVD-2026-28386

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities CAs only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

7.4CVSS5.8AI score0.00475EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/07 3:38 p.m.16 views

EUVD-2026-28366

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes Android Debug Bridge ADB on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binar...

5.8AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 3:38 p.m.16 views

EUVD-2026-28360

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 12:31 p.m.16 views

EUVD-2026-28343

Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...

4.3CVSS5.8AI score0.00095EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 5:12 a.m.16 views

EUVD-2026-28316

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

9.3CVSS5.8AI score0.0041EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 3:21 a.m.16 views

EUVD-2026-28306

Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007...

9.1CVSS5.8AI score0.00342EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 6:34 p.m.16 views

EUVD-2026-27889

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiting insufficient file extension restrictions. Attackers with editor, author, contributor, or...

8.8CVSS6.6AI score0.00545EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 6:30 p.m.16 views

EUVD-2026-27863

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 3:32 p.m.16 views

EUVD-2026-27830

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

5.3CVSS5.6AI score0.00293EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/06 12:30 p.m.16 views

EUVD-2026-27665

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...

5.8AI score0.00119EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/06 12:30 p.m.16 views

EUVD-2026-27813

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

5.8AI score0.00129EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/06 12:30 p.m.16 views

EUVD-2026-27782

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

5.9AI score0.00138EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/06 12:30 p.m.16 views

EUVD-2026-27622

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefilescull The patch mentioned below changed cachefilesburyobject to expect 2 references to the 'rep' dentry. Three of the callers were changed to use startremovingdentry which tak...

5.7AI score0.00112EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 9:31 p.m.16 views

EUVD-2026-27430

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...

10CVSS7.5AI score0.0586EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/05 6:31 a.m.16 views

EUVD-2026-27221

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the...

10CVSS5.6AI score0.01788EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/05 12:34 a.m.16 views

EUVD-2026-25605

Axios: unbounded recursion in toFormData causes DoS via deeply nested request data...

7.5CVSS5.8AI score0.00744EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/05 12:20 a.m.16 views

EUVD-2026-25608

Axios: Incomplete Fix for CVE-2025-62718 — NOPROXY Protection Bypassed via RFC 1122 Loopback Subnet 127.0.0.0/8 in Axios 1.15.0...

10CVSS6.2AI score0.01186EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/04 3:57 p.m.16 views

EUVD-2026-27023

D-Link DIR-605L Hardware Revision B2 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76dlwbrdir605L" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

9.8CVSS5.8AI score0.00472EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/03 6:15 a.m.16 views

EUVD-2026-26820

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS5.5AI score0.01158EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/03 3:0 a.m.16 views

EUVD-2026-26810

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/01 2:14 p.m.16 views

EUVD-2026-26541

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uether: Fix race between getherdisconnect and ethstop A race condition between getherdisconnect and ethstop leads to a NULL pointer dereference. Specifically, if ethstop is triggered concurrently while getherdisconne...

5.8AI score0.00089EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/01 12:0 a.m.16 views

EUVD-2026-26531

A heap-based buffer overflow in hextobinary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When datatypeenum=1,...

9.8CVSS6.4AI score0.00444EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/30 2:53 p.m.16 views

EUVD-2026-26381

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.3AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/26 6:30 a.m.16 views

EUVD-2026-25698

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

6.5CVSS6.3AI score0.00365EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/25 2:30 p.m.16 views

EUVD-2026-25658

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

6.5CVSS6.2AI score0.00241EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/24 1:55 a.m.16 views

EUVD-2026-25376

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

8.7CVSS5.8AI score0.00428EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/21 9:31 p.m.16 views

EUVD-2026-24362

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

7.5CVSS5.8AI score0.00635EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 6:30 p.m.16 views

EUVD-2026-22561

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...

6.7CVSS5.8AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 6:30 p.m.16 views

EUVD-2026-22449

Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.00206EPSS
Exploits0References2
Total number of security vulnerabilities5000