Lucene search
K

418715 matches found

EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36828

Unauthenticated Cross Site Scripting XSS in Simple Membership = 4.7.2 versions...

6.5CVSS5.1AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36827

Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...

6.5CVSS5.2AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36826

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

8.8CVSS5.2AI score0.00371EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36824

Subscriber Broken Access Control in Advanced Form Integration = 1.126.12 versions...

6.5CVSS5.1AI score0.00271EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36825

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

6.5CVSS5.2AI score0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36823

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.9 views

EUVD-2026-36822

Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...

5.3CVSS5.2AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.13 views

EUVD-2026-36821

Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...

6.5CVSS5.1AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.10 views

EUVD-2026-36820

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

5.9CVSS5.2AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.10 views

EUVD-2026-36819

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

6.3CVSS5.1AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36818

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.6.7 versions...

7.2CVSS5.1AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36817

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36815

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36816

Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...

6.5CVSS5.1AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.10 views

EUVD-2026-36813

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.9 views

EUVD-2026-36814

Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...

8.1CVSS5.2AI score0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.9 views

EUVD-2026-36812

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36810

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

6.5CVSS5.2AI score0.0039EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.9 views

EUVD-2026-36811

Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36809

Subscriber Cross Site Scripting XSS in ProfilePress = 4.16.13 versions...

6.5CVSS5.1AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36807

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36808

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...

5.3CVSS5.2AI score0.00309EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36806

Subscriber Sensitive Data Exposure in WPPizza = 3.19.9 versions...

6.5CVSS5.2AI score0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:11 p.m.35 views

EUVD-2026-35549

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability...

7.5CVSS5.1AI score0.0243EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 7:56 p.m.15 views

EUVD-2026-37002

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

8.5CVSS5.5AI score0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 7:29 p.m.12 views

EUVD-2026-32919

PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS...

5.3CVSS5.1AI score0.00288EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/15 7:28 p.m.11 views

EUVD-2026-32915

PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes...

8.8CVSS7.8AI score0.02214EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/15 7:28 p.m.12 views

EUVD-2026-32917

PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed...

7.4CVSS5.1AI score0.00394EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/15 7:27 p.m.15 views

EUVD-2026-32918

PyJWT: Algorithm allow-list bypass when decoding with PyJWK / PyJWKClient keys...

5.4CVSS5.1AI score0.00127EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/15 7:18 p.m.10 views

EUVD-2026-36999

MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint POST /multi-juicer/api/teams/team/join accepted requests with any Content-Type, including text/plain. Because tha...

4.3CVSS5.2AI score0.00172EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 6:52 p.m.8 views

EUVD-2026-36795

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

9.8CVSS5.6AI score0.0037EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 5:28 p.m.12 views

EUVD-2026-32916

PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values DoS...

3.7CVSS5.1AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 5:26 p.m.9 views

EUVD-2026-36524

form-data: CRLF injection in form-data via unescaped multipart field names and filenames...

8.7CVSS5.2AI score0.00409EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/15 4:54 p.m.9 views

EUVD-2026-36742

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.4AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 4:36 p.m.10 views

EUVD-2026-36265

tmp: Type-confusion bypass of assertPath allows path traversal via non-string prefix/postfix/template...

8.2CVSS5.1AI score0.00496EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 4:28 p.m.7 views

EUVD-2026-36741

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

6.1CVSS5.1AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:24 p.m.10 views

EUVD-2026-36740

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:23 p.m.9 views

EUVD-2026-36739

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:23 p.m.14 views

EUVD-2026-36738

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:22 p.m.7 views

EUVD-2026-36737

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:22 p.m.10 views

EUVD-2026-36736

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:21 p.m.7 views

EUVD-2026-36735

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS5.3AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:21 p.m.7 views

EUVD-2026-36734

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

6.9CVSS5.7AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:21 p.m.27 views

EUVD-2026-36733

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS5.5AI score0.07683EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/15 3:17 p.m.13 views

EUVD-2026-36731

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS5.4AI score0.00579EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 3:14 p.m.9 views

EUVD-2025-210140

Contributor Cross Site Scripting XSS in Elizaibots = 1.0.2 versions...

6.5CVSS5.2AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 3:14 p.m.9 views

EUVD-2025-210139

Administrator Cross Site Scripting XSS in WP Emmet = 0.3.4 versions...

5.9CVSS5.1AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 3:10 p.m.10 views

EUVD-2026-36730

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS5.3AI score0.00865EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 2:16 p.m.12 views

EUVD-2026-36727

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

4.8CVSS5.4AI score0.00274EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 2:6 p.m.12 views

EUVD-2026-36732

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS5.2AI score0.00199EPSS
Exploits0References1
Total number of security vulnerabilities418715