Lucene search
K

418610 matches found

EUVD
EUVD
•added 2026/06/16 5:40 a.m.•10 views

EUVD-2025-210164

Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges...

6.3CVSS5.9AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/16 5:33 a.m.•10 views

EUVD-2026-37037

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/16 5:33 a.m.•10 views

EUVD-2026-37038

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the getsubmissioncontent AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission data. This makes it...

6.5CVSS5.4AI score0.00238EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/16 5:19 a.m.•10 views

EUVD-2026-37036

On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...

6.3CVSS5.5AI score0.00164EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/16 5:3 a.m.•9 views

EUVD-2026-37035

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges...

6.7CVSS6.9AI score0.00089EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/16 4:30 a.m.•11 views

EUVD-2026-37034

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS5.4AI score0.00211EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/16 4:30 a.m.•14 views

EUVD-2026-37033

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

8.8CVSS6.6AI score0.00607EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/16 4:30 a.m.•14 views

EUVD-2026-37032

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the actionremoveabandoned function, which is registered to both the...

5.3CVSS5.4AI score0.00228EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/16 3:30 a.m.•9 views

EUVD-2026-37023

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

5.7AI score0.00295EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/16 3:30 a.m.•8 views

EUVD-2026-37024

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...

5.3AI score0.00112EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/16 3:30 a.m.•12 views

EUVD-2026-37031

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...

5.3CVSS5.3AI score0.00323EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/16 2:20 a.m.•12 views

EUVD-2026-37030

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90ABTQ.1C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request...

8.8CVSS6AI score0.00315EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/16 12:49 a.m.•8 views

EUVD-2026-37029

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS5.2AI score0.0015EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•8 views

EUVD-2026-37028

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

5.6CVSS5.6AI score0.00246EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•8 views

EUVD-2026-37027

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

5.6CVSS5.5AI score0.00158EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•9 views

EUVD-2026-37026

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

5.6CVSS5.5AI score0.00139EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•8 views

EUVD-2026-37022

Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

7.1CVSS5.3AI score0.00264EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•10 views

EUVD-2026-37020

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

6.9CVSS5.3AI score0.00232EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•9 views

EUVD-2026-37021

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

7.6CVSS5.3AI score0.00184EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•9 views

EUVD-2026-37011

Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities...

8.5CVSS5.3AI score0.00114EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•11 views

EUVD-2026-37010

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

5.3CVSS5.2AI score0.00595EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•9 views

EUVD-2026-37018

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•10 views

EUVD-2026-37019

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

7.1CVSS5.3AI score0.00195EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•7 views

EUVD-2026-37009

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, packipmreqsource checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte...

5.2AI score0.00389EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/16 12:34 a.m.•11 views

EUVD-2026-37016

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

5.2AI score0.00289EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/16 12:32 a.m.•9 views

EUVD-2026-37025

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

5.6CVSS5.6AI score0.00209EPSS
Exploits2References2
EUVD
EUVD
•added 2026/06/15 10:27 p.m.•8 views

EUVD-2026-37017

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

7.8CVSS5.4AI score0.00533EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:56 p.m.•8 views

EUVD-2026-37015

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...

9.2CVSS6.4AI score0.00573EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:55 p.m.•7 views

EUVD-2026-37014

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

8.7CVSS5.4AI score0.00348EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:55 p.m.•8 views

EUVD-2026-37013

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:55 p.m.•9 views

EUVD-2026-37012

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS5.3AI score0.00344EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36908

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

9.8CVSS5.3AI score0.00476EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-37000

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS5.2AI score0.00139EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36984

Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...

7.3CVSS5.1AI score0.00219EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•11 views

EUVD-2026-36989

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

7.1CVSS5.2AI score0.00385EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•12 views

EUVD-2026-36996

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

6.5CVSS5.1AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36993

Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36985

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.8 versions...

7.5CVSS5.1AI score0.00414EPSS
Exploits2References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36979

Unauthenticated Cross Site Scripting XSS in Coupon Affiliates = 7.5.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36988

Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...

6.5CVSS5.1AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36991

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

7.1CVSS5.1AI score0.00307EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36990

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•11 views

EUVD-2026-36978

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS5.3AI score0.00442EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36976

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36986

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

7.7CVSS5.2AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36992

Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36980

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36983

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

7.5CVSS5.1AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36977

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

7.5CVSS5.1AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36981

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

10CVSS5.2AI score0.00347EPSS
Exploits0References2
Total number of security vulnerabilities418610