Lucene search
K

418715 matches found

EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36784

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

5.3AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•12 views

EUVD-2026-36777

An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...

5.3AI score0.00324EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36783

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

5.2AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36787

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...

5.3AI score0.00482EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36779

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...

5.4AI score0.00248EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36778

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

5.8AI score0.00476EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36785

A Server-Side Request Forgery SSRF in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl...

5.2AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36792

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

9.3CVSS5.6AI score0.0135EPSS
Exploits3References5
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36769

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

5.8AI score0.01571EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•12 views

EUVD-2026-36771

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...

5.8AI score0.00441EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36774

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.3AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36770

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

5.7AI score0.0056EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36768

An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...

5.2AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36773

Incorrect access control in the /form/webhooks/webhook endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request...

5.2AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36775

An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters...

5.4AI score0.00577EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36767

An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request...

5.4AI score0.00718EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•12 views

EUVD-2026-36794

Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...

8.6CVSS6.3AI score0.00525EPSS
Exploits2References4
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•11 views

EUVD-2026-36772

An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

5.8AI score0.01119EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•11 views

EUVD-2026-36776

An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service DoS via a crafted request...

5.3AI score0.00441EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36793

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS5.3AI score0.00359EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36797

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36761

An issue in Iru, Inc Kandji Agent before v.4.7.55374 allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality...

5.2AI score0.00118EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36759

An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component...

5.9AI score0.00515EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36754

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionradioonwithiaapn via the ia parameter...

5.3AI score0.01046EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36796

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS5.6AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36763

An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service DoS via a crafted request or payload...

5.3AI score0.00289EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36762

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the seturiquery parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements...

5.6AI score0.00321EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36764

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

5.2AI score0.00225EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•15 views

EUVD-2026-36758

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...

5.8AI score0.00393EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36760

An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component...

5.3AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36757

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

6.2AI score0.00627EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36766

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

5.4AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•14 views

EUVD-2026-36756

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...

5.3AI score0.01345EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36765

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

5.2AI score0.00191EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36748

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

6.2AI score0.00361EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36750

Ruoyi 4.8.2 is vulnerable to Cross Site Scripting XSS at the interface /system/notice/add...

5.1AI score0.00181EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36749

An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature...

5.8AI score0.00174EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2025-210156

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, the code performs a member access on a NULL pointer of type 'struct dhcpopt' when an unexpected/invalid option token or parsing state caus...

5.3AI score0.00169EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36745

An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component...

5.2AI score0.00479EPSS
Exploits2References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•12 views

EUVD-2026-36791

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.3AI score0.00115EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36752

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

5.3AI score0.01046EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36751

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...

5.3AI score0.01046EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36753

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

5.3AI score0.01046EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36755

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actiondialcall via the dialNumber parameter...

5.3AI score0.01046EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•12 views

EUVD-2026-36743

remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...

6.1AI score0.0081EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36746

PublicCMS V5.202506.d has a Cross Site Scripting XSS vulnerability in the site configuration management module...

5.1AI score0.00181EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36747

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

5.5AI score0.00511EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36744

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability...

5.4AI score0.00324EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•14 views

EUVD-2025-210149

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.2AI score0.00188EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/15 9:30 p.m.•12 views

EUVD-2025-210142

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmxprocess function isomedia/isomwrite.c...

6.5CVSS5.2AI score0.00363EPSS
Exploits1References3
Total number of security vulnerabilities418715