Lucene search
K

418610 matches found

EUVD
EUVD
added 2026/06/17 1:12 p.m.8 views

EUVD-2025-210243

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

9.8CVSS5.2AI score0.00426EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 1:7 p.m.9 views

EUVD-2026-37701

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

8.8CVSS5.4AI score0.00494EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37700

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS5.2AI score0.00351EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37699

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS5.2AI score0.00428EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37697

Unauthenticated PHP Object Injection in Château = 1.2.1 versions...

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.12 views

EUVD-2026-37698

Unauthenticated PHP Object Injection in Moderno 1.43 versions...

9.8CVSS5.3AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.11 views

EUVD-2026-37696

Unauthenticated PHP Object Injection in Zoya = 1.4 versions...

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37695

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.10 views

EUVD-2026-37694

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.11 views

EUVD-2026-37692

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37693

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37691

Unauthenticated Local File Inclusion in Atomlab = 2.4.5 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.10 views

EUVD-2026-37690

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37689

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2026-37688

Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.6 views

EUVD-2026-37687

Unauthenticated PHP Object Injection in Konsept = 1.9 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.9 views

EUVD-2026-37686

Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2026-37685

Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2026-37684

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2025-210242

Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2025-210241

Unauthenticated Local File Inclusion in Etude = 1.6 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2025-210266

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2025-210265

Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2025-210264

Unauthenticated Local File Inclusion in Skyward = 1.10 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 11:39 p.m.10 views

EUVD-2026-36421

@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent incomplete fix for GHSA-6m52-m754-pw2g...

5.9CVSS5.2AI score0.0028EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/16 11:10 p.m.8 views

EUVD-2026-37515

CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. In...

4.7CVSS5.4AI score0.00223EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/16 10:19 p.m.8 views

EUVD-2026-37510

Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters and redirect telemetry to an attacker-controlled server. The...

9.3CVSS5.3AI score0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:43 p.m.12 views

EUVD-2026-37508

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS5.4AI score0.00399EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:38 p.m.10 views

EUVD-2026-37507

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

4.8CVSS5.4AI score0.0017EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37182

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00277EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37192

In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.5AI score0.0006EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37203

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

5.2AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.13 views

EUVD-2026-37183

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.5AI score0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.15 views

EUVD-2026-37191

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS5.6AI score0.00169EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37185

In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37189

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS5.6AI score0.00169EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.20 views

EUVD-2026-37188

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.21 views

EUVD-2026-37193

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37187

In Write of msgtohostbuffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.00068EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37181

In mfccorenalqgetdecmetadataseinal of mfccorenalq.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00277EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.13 views

EUVD-2026-37195

In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.3AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37205

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting XSS. This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it...

7.4CVSS5.5AI score0.00149EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.11 views

EUVD-2026-37177

In lwisdeviceexternaleventemit of lwisevent.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00073EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.11 views

EUVD-2026-37186

In OSMMapPMRGeneric of pmros.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS5.5AI score0.00071EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.11 views

EUVD-2026-37197

In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

5.7CVSS5.6AI score0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37179

In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.5AI score0.00068EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37200

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

5.2AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.11 views

EUVD-2026-37180

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00277EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.12 views

EUVD-2026-37206

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS5.4AI score0.00921EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37201

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

9.8CVSS8.1AI score0.00934EPSS
Exploits0References6
Total number of security vulnerabilities418610