Lucene search
K
EuvdMost viewed

417980 matches found

EUVD
EUVD
added 2026/05/28 4:50 p.m.16 views

EUVD-2026-32970

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 12:30 p.m.16 views

EUVD-2026-32860

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/28 9:41 a.m.16 views

EUVD-2026-32756

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not own...

5.7AI score0.00262EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:40 a.m.16 views

EUVD-2026-32852

In the Linux kernel, the following vulnerability has been resolved: spi: rspi: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA during driver unbind...

5.8AI score0.00119EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:40 a.m.16 views

EUVD-2026-32844

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. cherry picked from commit 3c5367d950140d4ec7af830b2268a5a6fdaa3885...

5.8AI score0.00013EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:36 a.m.16 views

EUVD-2026-32796

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

5.8AI score0.0013EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:36 a.m.16 views

EUVD-2026-32790

In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacyrx can exceed dev-maxnrkeys. The existing B43legacyWARNON is non-enforcing in production builds...

5.8AI score0.00129EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:35 a.m.16 views

EUVD-2026-32883

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

7.1CVSS6.4AI score0.00425EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:35 a.m.16 views

EUVD-2026-32872

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...

5.7AI score0.00126EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 6:45 a.m.16 views

EUVD-2026-32733

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

6.4CVSS5.8AI score0.00291EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/27 5:24 p.m.16 views

EUVD-2026-32610

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS5.9AI score0.00317EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/27 5:16 p.m.16 views

EUVD-2026-32607

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to...

8.8CVSS5.9AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 4:39 p.m.16 views

EUVD-2026-32584

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

7.4CVSS5.8AI score0.00265EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:33 p.m.16 views

EUVD-2026-32391

In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermalofcmlookup In thermalofcmlookup, trnp is obtained via ofparsephandle, but never released. Use the freedevicenode cleanup attribute to automatically release the node and fix the leak. rjw:...

5.8AI score0.00155EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 3:33 p.m.16 views

EUVD-2026-32325

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: do shared-unconfirmed check before segmentation Ulrich reports a regression with nfqueue: If an application did not set the 'FGSO' capability flag and a gso packet with an unconfirmed nfconn entry is...

5.8AI score0.00595EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 2:14 p.m.16 views

EUVD-2026-32519

A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 1:10 p.m.16 views

EUVD-2026-32491

IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment ILE compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 12:58 p.m.16 views

EUVD-2026-32456

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

5.8AI score0.00119EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 12:57 p.m.16 views

EUVD-2026-32448

In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...

5.8AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 12:57 p.m.16 views

EUVD-2026-32447

In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping...

5.8AI score0.00129EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 12:56 p.m.16 views

EUVD-2026-32405

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...

5.7AI score0.0049EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 12:55 p.m.16 views

EUVD-2026-32293

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves the gendisk referenced. The deviceadddisk error path in sdprobe calls...

5.8AI score0.00123EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 9:49 a.m.16 views

EUVD-2026-32210

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

9.3CVSS5.8AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.16 views

EUVD-2026-32193

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.16 views

EUVD-2026-32182

Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through =...

6.5CVSS5.8AI score0.00273EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.16 views

EUVD-2026-32180

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through = 2.2.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 8:25 a.m.16 views

EUVD-2023-60578

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:58 a.m.16 views

EUVD-2026-32144

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 5:31 a.m.16 views

EUVD-2026-32090

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 5:31 a.m.16 views

EUVD-2026-32063

The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 2:25 a.m.16 views

EUVD-2026-32041

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.7CVSS5.9AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 1:57 a.m.16 views

EUVD-2026-32040

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 12:2 a.m.16 views

EUVD-2026-32027

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal content into request...

9.2CVSS5.8AI score0.06552EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/26 9:0 p.m.16 views

EUVD-2026-31999

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

5.3CVSS5.5AI score0.00242EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/26 8:46 p.m.16 views

EUVD-2026-31997

Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...

7.5CVSS5.9AI score0.00539EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 8:16 p.m.16 views

EUVD-2026-31987

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, , which Django REST Framework interprets as successful authentication...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 7:54 p.m.16 views

EUVD-2026-31978

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...

9.9CVSS6.3AI score0.00377EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 7:47 p.m.16 views

EUVD-2026-31976

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...

8.2CVSS6AI score0.00406EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 6:23 p.m.16 views

EUVD-2026-31953

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

8.8CVSS5.9AI score0.0049EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/26 6:12 p.m.16 views

EUVD-2026-31951

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...

7.2CVSS6.2AI score0.00369EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 5:39 p.m.16 views

EUVD-2026-31941

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel...

9.4CVSS6.1AI score0.00574EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 5:35 p.m.16 views

EUVD-2026-31940

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 5:24 p.m.16 views

EUVD-2026-31934

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code executi...

7CVSS5.9AI score0.00167EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 5:23 p.m.17 views

EUVD-2026-31931

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 5:16 p.m.16 views

EUVD-2026-31923

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service...

6.5CVSS5.8AI score0.00125EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 5:9 p.m.16 views

EUVD-2026-31915

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8CVSS6.2AI score0.00132EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 5:6 p.m.16 views

EUVD-2026-31912

Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have...

9.8CVSS5.9AI score0.00498EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 3:49 p.m.16 views

EUVD-2026-31902

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

5CVSS6.1AI score0.00469EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/26 2:8 p.m.16 views

EUVD-2026-31835

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/26 1:30 p.m.16 views

EUVD-2026-31825

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

7.5CVSS6.8AI score0.00519EPSS
Exploits0References4
Total number of security vulnerabilities5000