Lucene search
K

418351 matches found

EUVD
EUVD
added 2026/06/17 6:11 p.m.14 views

EUVD-2026-36728

Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 5:59 p.m.8 views

EUVD-2026-37779

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handlesessionexport handler in api/routes.py fails to verify active-profile ownership before serializing session...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 5:59 p.m.11 views

EUVD-2026-37778

Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET...

7.1CVSS5.2AI score0.00272EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 5:58 p.m.9 views

EUVD-2026-37777

Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMESWEBUIPASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options an...

9.1CVSS5.6AI score0.00579EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 5:58 p.m.10 views

EUVD-2026-37776

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the getprofilecookie function that accepts unauthenticated profile names from the hermesprofile cookie. An authenticated attacker can forge the hermesprofile cookie value to bypass profile-scoped authorization checks a...

8.6CVSS5.3AI score0.00365EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 5:57 p.m.8 views

EUVD-2026-37775

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS5.2AI score0.00108EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 5:57 p.m.17 views

EUVD-2026-37774

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS5.6AI score0.006EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 5:55 p.m.10 views

EUVD-2026-37142

OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin...

7.1CVSS5.2AI score0.00223EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 5:50 p.m.9 views

EUVD-2026-37773

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS5.2AI score0.00368EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 5:25 p.m.9 views

EUVD-2026-37757

Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional Queueing Service,Core Libraries,Persistence Service allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 befo...

4.8CVSS5.2AI score0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:21 p.m.9 views

EUVD-2026-37756

Integer Underflow Wrap or Wraparound vulnerability in RTI Connext Micro Core Libraries allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0...

8.8CVSS5.2AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:20 p.m.9 views

EUVD-2026-37755

Out-of-bounds Read vulnerability in RTI Connext Micro Core Libraries allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0...

8.8CVSS5.2AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:20 p.m.8 views

EUVD-2026-37754

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6.1CVSS5.2AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:20 p.m.8 views

EUVD-2026-37753

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in RTI Connext Professional Web Integration Service allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7., from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1...

8.8CVSS5.2AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:19 p.m.9 views

EUVD-2026-37772

Out-of-bounds Read vulnerability in RTI Connext Professional Core Libraries allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 5.0.0 before 5.2...

9.2CVSS5.2AI score0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:19 p.m.9 views

EUVD-2026-37771

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6CVSS5.2AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:17 p.m.9 views

EUVD-2026-37770

Heap-based Buffer Overflow vulnerability in RTI Connext Professional Core Libraries allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 5.0.0...

9.2CVSS5.2AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:7 p.m.11 views

EUVD-2026-37768

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which construct...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:7 p.m.8 views

EUVD-2026-37767

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3CVSS5.3AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:58 p.m.11 views

EUVD-2026-37765

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS5.8AI score0.00815EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/17 4:44 p.m.10 views

EUVD-2026-37762

NVIDIA Spatial Intelligence Lab's SIL GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads without authentication or input validation...

9.8CVSS6.3AI score0.00685EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 4:42 p.m.10 views

EUVD-2026-37761

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

4.8CVSS5AI score0.00133EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 4:28 p.m.10 views

EUVD-2026-37759

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to...

4.3CVSS5.5AI score0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:17 p.m.9 views

EUVD-2026-37751

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

6CVSS5.3AI score0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:17 p.m.10 views

EUVD-2026-37750

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

6.3CVSS6.1AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:17 p.m.9 views

EUVD-2026-37749

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

7.5CVSS5.4AI score0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:16 p.m.15 views

EUVD-2026-37748

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.1CVSS5.9AI score0.00748EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 3:34 p.m.10 views

EUVD-2026-37746

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...

4.3CVSS5.3AI score0.00197EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 3:29 p.m.10 views

EUVD-2026-37745

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

7.8CVSS5.4AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 3:27 p.m.9 views

EUVD-2026-37744

A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition...

5.5CVSS5.3AI score0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:17 p.m.9 views

EUVD-2025-210272

Dell PowerFlex rack, versions RCM 3.7/3.7, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...

4.3CVSS5.5AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 3:10 p.m.11 views

EUVD-2026-37743

Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

5.7CVSS5.7AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 3:5 p.m.11 views

EUVD-2026-37742

Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure...

3.5CVSS5.6AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 3:5 p.m.11 views

EUVD-2026-37741

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...

7.1CVSS6AI score0.00434EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 3:5 p.m.9 views

EUVD-2026-37740

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle i...

9.8CVSS6AI score0.00519EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:5 p.m.9 views

EUVD-2026-37738

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

8.7CVSS5.6AI score0.00509EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:5 p.m.9 views

EUVD-2026-37739

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:5 p.m.11 views

EUVD-2026-37737

picklescan before 1.0.4 fails to block pkgutil.resolvename, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote...

10CVSS5.8AI score0.00623EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:5 p.m.15 views

EUVD-2025-210270

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbo...

9.8CVSS6.5AI score0.00757EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:5 p.m.9 views

EUVD-2025-210271

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS5.2AI score0.00475EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 3:4 p.m.8 views

EUVD-2025-210269

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS6AI score0.00384EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:4 p.m.19 views

EUVD-2025-210268

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

9.8CVSS6AI score0.00624EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:4 p.m.12 views

EUVD-2025-210267

picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when...

9.8CVSS6.1AI score0.00623EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 2:58 p.m.10 views

EUVD-2026-37736

Dell PowerFlex Manager, versions Versions, contains an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service...

7.1CVSS5.4AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 2:53 p.m.11 views

EUVD-2026-37735

Dell PowerFlex Manager, versions Versions, contains an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges and Unauthorized access...

5.7CVSS5.3AI score0.0015EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 2:48 p.m.10 views

EUVD-2026-37734

Dell PowerFlex Manager, versions Versions, contains an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service...

4.3CVSS5.4AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 2:42 p.m.10 views

EUVD-2026-37733

Dell PowerFlex Manager, versions Versions, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Informatio...

8.8CVSS5.5AI score0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 2:39 p.m.10 views

EUVD-2026-37732

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the descriptionhtml field when creating an intake work item through the API v1 intake endpoint...

6.9CVSS5.4AI score0.00165EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/17 2:36 p.m.9 views

EUVD-2026-37731

Dell PowerFlex Manager, versions Versions, contains an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access...

8.1CVSS5.3AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 2:30 p.m.11 views

EUVD-2026-37729

Dell PowerFlex Manager, versions Versions, contains an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access...

7.4CVSS5.3AI score0.0021EPSS
Exploits0References1
Total number of security vulnerabilities418351