Lucene search
K

418718 matches found

EUVD
EUVD
•added 2026/06/15 8:7 a.m.•11 views

EUVD-2026-36701

Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially craft...

8.5CVSS7.3AI score0.00131EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 6:0 a.m.•10 views

EUVD-2026-36699

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

9.8CVSS5.2AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/15 6:0 a.m.•11 views

EUVD-2026-36700

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

5.4CVSS5.2AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/15 6:0 a.m.•14 views

EUVD-2026-36698

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS5.3AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/15 6:0 a.m.•11 views

EUVD-2026-36697

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

5.3CVSS5.3AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/15 5:30 a.m.•10 views

EUVD-2026-36696

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS5.5AI score0.01194EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 5:15 a.m.•11 views

EUVD-2026-36695

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS8.3AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 5:0 a.m.•13 views

EUVD-2026-36694

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...

8.6CVSS8.2AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 4:45 a.m.•12 views

EUVD-2026-36693

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS8.2AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 4:30 a.m.•15 views

EUVD-2026-36692

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 4:15 a.m.•11 views

EUVD-2026-36691

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS8.3AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 4:0 a.m.•13 views

EUVD-2026-36690

A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been...

8.5CVSS6.8AI score0.00111EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 3:45 a.m.•13 views

EUVD-2026-36689

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3CVSS5.6AI score0.00112EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 3:30 a.m.•12 views

EUVD-2026-36688

A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...

8.5CVSS7.1AI score0.00124EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 3:15 a.m.•12 views

EUVD-2026-36687

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launche...

5.3CVSS5AI score0.00203EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 3:0 a.m.•9 views

EUVD-2026-36686

A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...

5.3CVSS5AI score0.00207EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/15 2:45 a.m.•11 views

EUVD-2026-36685

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS4.4AI score0.00372EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/15 2:30 a.m.•11 views

EUVD-2026-36684

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/15 2:15 a.m.•12 views

EUVD-2026-36683

A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is...

6.9CVSS5.4AI score0.00314EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 2:0 a.m.•12 views

EUVD-2026-36682

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS5.5AI score0.00314EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 1:45 a.m.•13 views

EUVD-2026-36681

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...

5.3CVSS5AI score0.00226EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 1:30 a.m.•10 views

EUVD-2026-36680

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 1:15 a.m.•11 views

EUVD-2026-36679

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS7.1AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 1:0 a.m.•15 views

EUVD-2026-36678

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS5.4AI score0.00402EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/15 12:45 a.m.•9 views

EUVD-2026-36677

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS3.3AI score0.00214EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 12:31 a.m.•11 views

EUVD-2026-36670

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacte...

8.5CVSS7.1AI score0.00137EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 12:31 a.m.•12 views

EUVD-2026-36673

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

8.6CVSS7AI score0.02385EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/15 12:31 a.m.•11 views

EUVD-2026-36671

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

8.8CVSS8.3AI score0.00316EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 12:31 a.m.•14 views

EUVD-2026-36669

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/15 12:31 a.m.•12 views

EUVD-2026-36672

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

8.5CVSS7.4AI score0.00142EPSS
Exploits0References11
EUVD
EUVD
•added 2026/06/15 12:31 a.m.•14 views

EUVD-2026-36668

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/15 12:31 a.m.•12 views

EUVD-2026-36667

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/gritentitycontroller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/15 12:31 a.m.•12 views

EUVD-2026-36666

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS7.5AI score0.0194EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/15 12:30 a.m.•11 views

EUVD-2026-36676

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

5.3CVSS5.4AI score0.00103EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/15 12:15 a.m.•10 views

EUVD-2026-36675

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

7.5CVSS8AI score0.00324EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/15 12:0 a.m.•10 views

EUVD-2026-36674

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

7.5CVSS7.2AI score0.00525EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/14 8:45 p.m.•13 views

EUVD-2026-36665

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

9CVSS7.7AI score0.01966EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/14 5:38 p.m.•13 views

EUVD-2026-36664

driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...

8.8CVSS5.7AI score0.00459EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/14 5:26 p.m.•12 views

EUVD-2026-36663

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8CVSS5.6AI score0.00407EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/14 5:21 p.m.•14 views

EUVD-2026-36662

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/14 5:10 p.m.•13 views

EUVD-2026-36661

nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recvmsgheader function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length fiel...

9CVSS5.8AI score0.00541EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/14 11:40 a.m.•13 views

EUVD-2026-36660

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

5.5AI score0.00618EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/14 11:39 a.m.•14 views

EUVD-2026-36659

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

5.4AI score0.01353EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/14 6:0 a.m.•14 views

EUVD-2025-210137

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.3AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/14 3:49 a.m.•13 views

EUVD-2026-36658

In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.3AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/14 3:23 a.m.•14 views

EUVD-2026-36657

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS5.3AI score0.01261EPSS
Exploits3References2
EUVD
EUVD
•added 2026/06/14 12:30 a.m.•15 views

EUVD-2026-36656

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out...

5.3CVSS3.7AI score0.00265EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/14 12:30 a.m.•13 views

EUVD-2026-36655

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

5.8CVSS5.2AI score0.00214EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/13 8:15 p.m.•13 views

EUVD-2026-36654

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...

9CVSS7.6AI score0.00582EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/13 5:36 p.m.•14 views

EUVD-2026-36653

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

9.8CVSS5.7AI score0.00548EPSS
Exploits0References4
Total number of security vulnerabilities418718