Lucene search
K
EuvdMost viewed

417634 matches found

EUVD
EUVD
added 2026/06/08 2:30 a.m.15 views

EUVD-2026-35011

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS6.2AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 1:55 a.m.15 views

EUVD-2023-60583

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

9.8CVSS6.7AI score0.00613EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 12:30 a.m.15 views

EUVD-2026-35000

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS5AI score0.00232EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/06 3:28 a.m.15 views

EUVD-2026-34956

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/06 2:28 a.m.15 views

EUVD-2026-34948

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS6.3AI score0.00659EPSS
Exploits1References10
EUVD
EUVD
added 2026/06/06 1:26 a.m.15 views

EUVD-2026-34942

The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...

7.2CVSS5.8AI score0.00338EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/05 8:29 p.m.15 views

EUVD-2026-32923

TinyMCE Cross-Site Scripting XSS vulnerability through mce:protected comments...

8.7CVSS5.4AI score0.00238EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 8:16 p.m.15 views

EUVD-2026-34916

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS6AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 7:21 p.m.15 views

EUVD-2026-34897

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 7:31 a.m.15 views

EUVD-2026-34789

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.6AI score0.80425EPSS
Exploits18References1
EUVD
EUVD
added 2026/06/05 5:50 a.m.15 views

EUVD-2026-34786

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.7CVSS5.9AI score0.0092EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 1:36 a.m.15 views

EUVD-2026-34780

A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...

9.8CVSS6AI score0.00567EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:31 a.m.15 views

EUVD-2026-34752

Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.15 views

EUVD-2026-34639

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00152EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 2:27 a.m.15 views

EUVD-2026-34198

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7CVSS5.9AI score0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 1:51 a.m.15 views

EUVD-2026-34193

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

7.8CVSS5.8AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 12:30 a.m.15 views

EUVD-2026-34187

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

2.5CVSS5.2AI score0.00106EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/04 12:30 a.m.15 views

EUVD-2026-34186

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

7.5CVSS5.4AI score0.00405EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/04 12:30 a.m.15 views

EUVD-2026-34181

OpenStack Ironic through 35.0.x allows Boot Script Injection...

5.8AI score0.00262EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 12:0 a.m.15 views

EUVD-2026-34201

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

9.9CVSS5.9AI score0.00733EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/03 6:15 p.m.15 views

EUVD-2026-34167

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...

5.8AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:10 p.m.15 views

EUVD-2026-34164

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4CVSS5.9AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:3 p.m.15 views

EUVD-2026-34161

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

5.8AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 4:45 p.m.15 views

EUVD-2026-34139

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

7.8CVSS5.8AI score0.00187EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/03 3:6 p.m.15 views

EUVD-2026-34104

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS6.6AI score0.00197EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/03 1:28 p.m.15 views

EUVD-2026-34094

ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...

6.9CVSS5.8AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 1:17 p.m.15 views

EUVD-2026-34092

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

3.7CVSS5.8AI score0.00172EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 1:16 p.m.15 views

EUVD-2026-34090

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

3.1CVSS5.8AI score0.00354EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/03 10:42 a.m.15 views

EUVD-2026-34080

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root...

8.8CVSS6AI score0.00456EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:30 a.m.15 views

EUVD-2026-34042

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2CVSS5.8AI score0.00178EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34145

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34170

An issue in Koha v.25.11 and before allows a remote attacker to execute arbitrary code via the Z39.50 configuration module...

6.2AI score0.00243EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34148

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...

7.3CVSS5.8AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34179

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...

5.8AI score0.00214EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34144

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that requires physical power cycling to recover...

6.5CVSS5.8AI score0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34141

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory layout and aiding further exploitation...

5.8AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34153

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...

4.3CVSS5.9AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34180

Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...

5.8AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 10:47 p.m.15 views

EUVD-2026-34049

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

7.2CVSS5.7AI score0.00265EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/02 10:22 p.m.15 views

EUVD-2026-34044

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS5.8AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 7:31 p.m.15 views

EUVD-2026-34017

SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory...

8.2CVSS5.8AI score0.00417EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 7:8 p.m.15 views

EUVD-2026-34015

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2CVSS5.8AI score0.00329EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 6:20 p.m.15 views

EUVD-2025-210043

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

5.8AI score0.00085EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 4:49 p.m.15 views

EUVD-2026-33985

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/02 4:14 p.m.15 views

EUVD-2026-33979

Dell ThinOS 10, versions prior to ThinOS10 260210.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation...

7.8CVSS5.8AI score0.001EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 3:30 p.m.15 views

EUVD-2026-33962

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 2:37 p.m.15 views

EUVD-2026-33946

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...

7.8CVSS5.7AI score0.00115EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:41 p.m.15 views

EUVD-2026-33916

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 10:46 a.m.15 views

EUVD-2026-33912

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 9:53 a.m.15 views

EUVD-2025-210036

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
Total number of security vulnerabilities5000