Lucene search
K

418530 matches found

EUVD
EUVD
added 2026/06/17 1:41 p.m.8 views

EUVD-2026-37710

Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...

8.3CVSS5.4AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 1:41 p.m.11 views

EUVD-2026-37709

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109...

8.1CVSS5.3AI score0.00337EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:40 p.m.24 views

EUVD-2026-37708

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

9.3CVSS5.6AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:37 p.m.9 views

EUVD-2026-37707

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

7.5CVSS5.4AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:36 p.m.12 views

EUVD-2026-37706

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

6.5CVSS5.2AI score0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:35 p.m.8 views

EUVD-2026-37705

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:25 p.m.9 views

EUVD-2026-37704

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS5.5AI score0.00417EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 1:16 p.m.12 views

EUVD-2026-37703

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

9.3CVSS5.6AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:15 p.m.15 views

EUVD-2025-210244

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS5.2AI score0.00426EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:14 p.m.10 views

EUVD-2026-37702

Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...

7.1CVSS5.5AI score0.00282EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/17 1:12 p.m.8 views

EUVD-2025-210243

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

9.8CVSS5.2AI score0.00426EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:7 p.m.9 views

EUVD-2026-37701

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

8.8CVSS5.4AI score0.00494EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37700

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS5.2AI score0.00351EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37699

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS5.2AI score0.00428EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37697

Unauthenticated PHP Object Injection in Château = 1.2.1 versions...

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.12 views

EUVD-2026-37698

Unauthenticated PHP Object Injection in Moderno 1.43 versions...

9.8CVSS5.3AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.11 views

EUVD-2026-37696

Unauthenticated PHP Object Injection in Zoya = 1.4 versions...

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37695

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.10 views

EUVD-2026-37694

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.11 views

EUVD-2026-37692

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37693

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37691

Unauthenticated Local File Inclusion in Atomlab = 2.4.5 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.10 views

EUVD-2026-37690

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37689

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2026-37688

Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.6 views

EUVD-2026-37687

Unauthenticated PHP Object Injection in Konsept = 1.9 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37686

Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37684

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2026-37685

Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2025-210242

Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2025-210241

Unauthenticated Local File Inclusion in Etude = 1.6 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2025-210266

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2025-210265

Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.6 views

EUVD-2025-210264

Unauthenticated Local File Inclusion in Skyward = 1.10 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 11:39 p.m.10 views

EUVD-2026-36421

@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent incomplete fix for GHSA-6m52-m754-pw2g...

5.9CVSS5.2AI score0.0028EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/16 11:10 p.m.8 views

EUVD-2026-37515

CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. In...

4.7CVSS5.4AI score0.00223EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/16 10:19 p.m.8 views

EUVD-2026-37510

Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters and redirect telemetry to an attacker-controlled server. The...

9.3CVSS5.3AI score0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:43 p.m.12 views

EUVD-2026-37508

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS5.4AI score0.00399EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:38 p.m.10 views

EUVD-2026-37507

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

4.8CVSS5.4AI score0.0017EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37182

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00277EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37192

In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.5AI score0.0006EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37203

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

5.2AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.13 views

EUVD-2026-37183

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.5AI score0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.15 views

EUVD-2026-37191

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS5.6AI score0.00169EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37185

In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37189

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS5.6AI score0.00169EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.20 views

EUVD-2026-37188

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.21 views

EUVD-2026-37193

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37187

In Write of msgtohostbuffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.00068EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37181

In mfccorenalqgetdecmetadataseinal of mfccorenalq.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00277EPSS
Exploits0References2
Total number of security vulnerabilities418530