Lucene search
K

418718 matches found

EUVD
EUVD
added 2026/06/15 3:10 p.m.11 views

EUVD-2026-36730

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS5.3AI score0.00865EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 2:16 p.m.12 views

EUVD-2026-36727

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

4.8CVSS5.4AI score0.00274EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 2:6 p.m.12 views

EUVD-2026-36732

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS5.2AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 1:55 p.m.17 views

EUVD-2026-36725

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

6.3CVSS5.3AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 1:3 p.m.9 views

EUVD-2025-210138

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 1:1 p.m.12 views

EUVD-2026-36724

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:58 p.m.11 views

EUVD-2026-36723

Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...

6.5CVSS5.1AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:52 p.m.11 views

EUVD-2026-36722

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS5.2AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:51 p.m.10 views

EUVD-2026-36721

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...

8.8CVSS5.2AI score0.0029EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:49 p.m.12 views

EUVD-2026-36720

Improper Control of Generation of Code 'Code Injection' vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8...

10CVSS5.4AI score0.00314EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:47 p.m.11 views

EUVD-2026-36719

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

8.8CVSS5.3AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:42 p.m.8 views

EUVD-2026-36718

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS5.2AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:23 p.m.9 views

EUVD-2026-36717

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS5.2AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:2 p.m.8 views

EUVD-2016-10897

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.14 views

EUVD-2019-20182

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 12:0 p.m.8 views

EUVD-2018-21959

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...

8.7CVSS5.2AI score0.00287EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.9 views

EUVD-2018-21958

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...

9.8CVSS6AI score0.00661EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 12:0 p.m.10 views

EUVD-2016-10895

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

6.9CVSS5.2AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.10 views

EUVD-2016-10896

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS5.3AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.8 views

EUVD-2016-10894

WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtestadmin.php with malicious action values to include files from the admin directory an...

6.9CVSS5.8AI score0.00326EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.8 views

EUVD-2016-10893

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...

8.7CVSS5.4AI score0.00641EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.8 views

EUVD-2016-10892

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wpabspath parameter. Attackers can supply path traversal sequences or remote URLs through the...

6.9CVSS5.6AI score0.0039EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 12:0 p.m.10 views

EUVD-2016-10891

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...

6.9CVSS5.4AI score0.00778EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.11 views

EUVD-2016-10890

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS5.4AI score0.00688EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.10 views

EUVD-2016-10889

WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...

6.9CVSS5.4AI score0.00374EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.9 views

EUVD-2016-10888

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

8.7CVSS5.5AI score0.00601EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 12:0 p.m.7 views

EUVD-2016-10887

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.10 views

EUVD-2016-10886

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3CVSS5.1AI score0.00106EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 12:0 p.m.9 views

EUVD-2016-10885

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 12:0 p.m.8 views

EUVD-2016-10884

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 12:0 p.m.8 views

EUVD-2016-10883

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.9 views

EUVD-2016-10882

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

6.4CVSS5.2AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.9 views

EUVD-2016-10881

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS6.1AI score0.0024EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.8 views

EUVD-2016-10880

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS5.2AI score0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 12:0 p.m.9 views

EUVD-2016-10879

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

7.2CVSS5.3AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 11:44 a.m.15 views

EUVD-2026-36716

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

9.3CVSS5.5AI score0.00445EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 10:21 a.m.13 views

EUVD-2026-36715

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution...

8.6CVSS5.7AI score0.00129EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 10:7 a.m.13 views

EUVD-2026-36714

Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address an upsert on the email field, or a user-defined sign-in...

9.2CVSS5.4AI score0.00563EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/15 10:5 a.m.11 views

EUVD-2026-36713

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS5.4AI score0.00327EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:5 a.m.13 views

EUVD-2026-36712

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

6.8CVSS5.3AI score0.0012EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:4 a.m.10 views

EUVD-2026-36711

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyIdID/Audio/ and...

6.9CVSS5.3AI score0.00397EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:4 a.m.12 views

EUVD-2026-36710

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...

5.3CVSS5.5AI score0.00305EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:4 a.m.11 views

EUVD-2026-36709

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation,...

7.1CVSS5.5AI score0.00394EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:3 a.m.12 views

EUVD-2026-36708

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...

5.3CVSS5.4AI score0.00283EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:3 a.m.10 views

EUVD-2026-36707

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS5.5AI score0.00304EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:3 a.m.11 views

EUVD-2026-36706

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket...

7.1CVSS5.4AI score0.00335EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:2 a.m.10 views

EUVD-2026-36705

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...

7.1CVSS5.5AI score0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 10:2 a.m.10 views

EUVD-2026-36704

The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485...

8.6CVSS5.5AI score0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:57 a.m.14 views

EUVD-2026-36703

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

7.5CVSS6.2AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 8:36 a.m.12 views

EUVD-2026-36702

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References3
Total number of security vulnerabilities418718