Lucene search

417518 matches found

EUVD • added 3 days ago • 5 views

EUVD-2026-41141

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

CVSS 4.8 • AI score 5.6 • EPSS 0.00239 • Exploits 0 • References 2

EUVD • added 3 days ago • 10 views

EUVD-2026-38009

Rancher vulnerable to command injection through unsanitized YAML parameter...

CVSS 9.4 • AI score 5.8 • EPSS 0.01277 • Exploits 0 • References 3

EUVD • added 3 days ago • 5 views

EUVD-2026-41140

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

CVSS 7.2 • AI score 5.7 • EPSS 0.00179 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41139

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

CVSS 6.3 • AI score 5.7 • EPSS 0.00273 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41138

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...

CVSS 6.3 • AI score 5.7 • EPSS 0.00315 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41137

Use after free in Microsoft Edge Chromium-based allows an authorized attacker to execute code over a network...

CVSS 8.3 • AI score 5.9 • EPSS 0.00823 • Exploits 0 • References 1

EUVD • added 3 days ago • 4 views

EUVD-2026-41136

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

CVSS 2.3 • AI score 5.7 • EPSS 0.00217 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41135

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...

CVSS 7.1 • AI score 5.9 • EPSS 0.00327 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41134

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

CVSS 4 • AI score 5.8 • EPSS 0.00179 • Exploits 0 • References 2

EUVD • added 3 days ago • 5 views

EUVD-2026-41133

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

CVSS 6.3 • AI score 5.8 • EPSS 0.0032 • Exploits 0 • References 2

EUVD • added 3 days ago • 5 views

EUVD-2026-41132

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a...

CVSS 7.7 • AI score 6.3 • EPSS 0.00407 • Exploits 0 • References 3

EUVD • added 3 days ago • 5 views

EUVD-2026-41131

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...

CVSS 8.7 • AI score 6 • EPSS 0.00191 • Exploits 1 • References 3

EUVD • added 3 days ago • 5 views

EUVD-2026-41130

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...

CVSS 8.9 • AI score 6.4 • EPSS 0.00311 • Exploits 0 • References 3

EUVD • added 3 days ago • 5 views

EUVD-2026-41129

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

CVSS 5.9 • AI score 5.7 • EPSS 0.00197 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41128

Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilterconf handler in the commuos web backend. Attackers...

CVSS 9.8 • AI score 6.1 • EPSS 0.01671 • Exploits 0 • References 3

EUVD • added 3 days ago • 4 views

EUVD-2026-41127

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9, 1.44.6, 1.45.4...

CVSS 6.9 • AI score 5.8 • EPSS 0.00255 • Exploits 0 • References 3

EUVD • added 3 days ago • 5 views

EUVD-2026-41126

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

CVSS 6.5 • AI score 5.7 • EPSS 0.00195 • Exploits 0 • References 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41125

OS command injection in the NodejsFunction Docker bundling pipeline OsCommand helper in AWS aws-cdk-lib on all platforms might allow an actor who controls dependency version strings in a project's package.json file to execute arbitrary commands on the host running the CDK toolchain via injected...

CVSS 7.3 • AI score 6.1 • EPSS 0.0061 • Exploits 0 • References 3

EUVD • added 3 days ago • 4 views

EUVD-2026-41124

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version 7.1.2-26...

CVSS 5.5 • AI score 5.9 • EPSS 0.00103 • Exploits 0 • References 1

EUVD • added 3 days ago • 4 views

EUVD-2026-41123

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26...

CVSS 4.7 • AI score 5.8 • EPSS 0.0009 • Exploits 0 • References 1

EUVD • added 3 days ago • 4 views

EUVD-2026-41122

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and...

CVSS 5.3 • AI score 5.8 • EPSS 0.00241 • Exploits 0 • References 1

EUVD • added 3 days ago • 4 views

EUVD-2026-41121

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in...

CVSS 5.9 • AI score 6 • EPSS 0.00226 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41120

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51...

CVSS 5.5 • AI score 5.7 • EPSS 0.00103 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41119

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versio...

CVSS 5.3 • AI score 5.8 • EPSS 0.00197 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41118

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9, 1.44.6, 1.45.4...

CVSS 6.9 • AI score 5.8 • EPSS 0.00268 • Exploits 0 • References 2

EUVD • added 3 days ago • 5 views

EUVD-2026-41117

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

CVSS 7.3 • AI score 5.8 • EPSS 0.00124 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41116

Overly permissive file permissions in AWS CLI before 1.44.78 (v1) and 2.34.29 (v2) on Unix-like systems where the umask has not been configured to restrict file permissions (the default on most systems) may allow other local users on the same host to read credentials written by certain CLI subcommands...

CVSS 6.8 • AI score 5.8 • EPSS 0.00101 • Exploits 0 • References 4

EUVD • added 3 days ago • 5 views

EUVD-2026-41115

Gradio before 6.16.0 contains a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...

CVSS 8.7 • AI score 5.9 • EPSS 0.0069 • Exploits 0 • References 4

EUVD • added 3 days ago • 5 views

EUVD-2026-41114

Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass. This issue affects Mediawiki - WikiLambda Extension: from before 1.43.9, 1.44.6, 1.45.4...

CVSS 6.9 • AI score 5.8 • EPSS 0.00342 • Exploits 0 • References 2

EUVD • added 3 days ago • 5 views

EUVD-2026-41113

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been...

CVSS 6.5 • AI score 5.8 • EPSS 0.0022 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41112

In versions prior to 7.1.2-26, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

CVSS 5.5 • AI score 5.7 • EPSS 0.00098 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41111

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

CVSS 7.1 • AI score 5.9 • EPSS 0.00379 • Exploits 0 • References 5

EUVD • added 3 days ago • 4 views

EUVD-2026-41110

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

CVSS 8.2 • AI score 5.9 • EPSS 0.00208 • Exploits 0 • References 1

EUVD • added 3 days ago • 4 views

EUVD-2026-41109

containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

CVSS 8.4 • AI score 5.9 • EPSS 0.00412 • Exploits 0 • References 1

EUVD • added 3 days ago • 5 views

EUVD-2022-49113

Open Babel has out-of-bounds write in MSI translationVectors...

CVSS 9.8 • AI score 6.8 • EPSS 0.00863 • Exploits 1 • References 5

EUVD • added 3 days ago • 7 views

EUVD-2022-49112

Open Babel has out-of-bounds write in MOPAC IN translationVectors Tv atom...

CVSS 9.8 • AI score 7.2 • EPSS 0.00863 • Exploits 1 • References 5

EUVD • added 3 days ago • 7 views

EUVD-2022-49111

Open Babel has out-of-bounds write in MOPAC translationVectors FINAL POINT...

CVSS 9.8 • AI score 7.2 • EPSS 0.00863 • Exploits 1 • References 5

EUVD • added 3 days ago • 4 views

EUVD-2022-49109

Open Babel has out-of-bounds write in Gaussian translationVectors...

CVSS 9.8 • AI score 6.7 • EPSS 0.00816 • Exploits 1 • References 5

EUVD • added 3 days ago • 4 views

EUVD-2026-41108

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

CVSS 5.6 • AI score 6.1 • EPSS 0.00354 • Exploits 0 • References 1

EUVD • added 3 days ago • 7 views

EUVD-2022-49108

Open Babel has out-of-bounds write in ORCA nAtoms parser second variant...

CVSS 9.8 • AI score 7.2 • EPSS 0.00816 • Exploits 1 • References 5

EUVD • added 3 days ago • 4 views

EUVD-2022-49107

Open Babel has out-of-bounds write in ORCA nAtoms parser...

CVSS 9.8 • AI score 7.2 • EPSS 0.00816 • Exploits 1 • References 5

EUVD • added 3 days ago • 5 views

EUVD-2022-49099

Open Babel has uninitialized pointer dereference in PQS pFormat...

CVSS 9.8 • AI score 6.7 • EPSS 0.00843 • Exploits 1 • References 5

EUVD • added 3 days ago • 5 views

EUVD-2026-41107

Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable to mass assignment. The global NestJS ValidationPipe is configured without whitelist: true, so extr...

CVSS 10 • AI score 6.1 • EPSS 0.0059 • Exploits 1 • References 2

EUVD • added 3 days ago • 4 views

EUVD-2026-41106

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...

CVSS 5.3 • AI score 5.7 • EPSS 0.00317 • Exploits 0 • References 1

EUVD • added 3 days ago • 4 views

EUVD-2022-47394

Open Babel has uninitialized pointer dereference in MSI atom parser...

CVSS 9.8 • AI score 7.2 • EPSS 0.00816 • Exploits 1 • References 5

EUVD • added 3 days ago • 8 views

EUVD-2022-46603

Open Babel has out-of-bounds write in MOL2 attribute/value parser...

CVSS 8.1 • AI score 7.1 • EPSS 0.00796 • Exploits 1 • References 5

EUVD • added 3 days ago • 4 views

EUVD-2022-46468

Open Babel has out-of-bounds write in PQS coordfile parser...

CVSS 9.8 • AI score 6.8 • EPSS 0.00843 • Exploits 1 • References 5

EUVD • added 3 days ago • 6 views

EUVD-2022-45947

Open Babel has uninitialized pointer dereference in GRO residue parser...

CVSS 9.8 • AI score 7.2 • EPSS 0.00816 • Exploits 1 • References 5

EUVD • added 3 days ago • 3 views

EUVD-2022-44961

Open Babel has out-of-bounds write in CSR PadString title field...

CVSS 9.8 • AI score 7.2 • EPSS 0.00816 • Exploits 1 • References 5

EUVD • added 3 days ago • 3 views

EUVD-2022-39966

Open Babel has out-of-bounds write in Gaussian coordstype orientation parser...

CVSS 7.8 • AI score 6.7 • EPSS 0.00704 • Exploits 1 • References 5

Total number of security vulnerabilities: 417518