Lucene search
K

418769 matches found

EUVD
EUVD
added 2026/06/13 12:34 a.m.13 views

EUVD-2026-36606

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recover...

5.4AI score0.00106EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.13 views

EUVD-2025-210132

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2026-36607

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but...

5.5AI score0.00358EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2026-36611

OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access intended for other...

8.6CVSS5.2AI score0.00209EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36605

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

5.3AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.18 views

EUVD-2026-36609

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

8.8CVSS5.4AI score0.00289EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.13 views

EUVD-2025-210131

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...

7.8CVSS5.6AI score0.00131EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2025-210122

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68...

7.8CVSS5.6AI score0.00131EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2025-210123

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56...

7.8CVSS5.6AI score0.00131EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2025-210130

Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...

7.8CVSS5.4AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.13 views

EUVD-2025-210129

Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, an...

5.5CVSS5.4AI score0.00113EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2025-210128

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus o...

7.8CVSS5.6AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.8 views

EUVD-2025-210124

Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2025-210126

Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2025-210127

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast...

7.8CVSS5.6AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2025-210125

Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for vir...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 9:3 p.m.11 views

EUVD-2026-36597

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services EnableShowInService: false are enumerable via per-server endpoints, leaking name and timing data. This issue has been patched in version...

5.3CVSS5.2AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:3 p.m.10 views

EUVD-2026-36596

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14...

7.1CVSS5.1AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:3 p.m.11 views

EUVD-2026-36595

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

7.1CVSS5.2AI score0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:3 p.m.10 views

EUVD-2026-36594

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

6.5CVSS5.2AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:2 p.m.11 views

EUVD-2026-36593

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS5.2AI score0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:2 p.m.10 views

EUVD-2026-36592

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...

7.7CVSS5.2AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:0 p.m.9 views

EUVD-2026-36591

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

9.9CVSS5.4AI score0.00339EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 8:59 p.m.13 views

EUVD-2026-36590

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, apos.util.set traverses dot-notation paths without sanitizing proto, allowing an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirm...

9.1CVSS5.5AI score0.00237EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:57 p.m.12 views

EUVD-2026-36589

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

8.7CVSS5.3AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:56 p.m.12 views

EUVD-2026-36588

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request...

6.4CVSS5.4AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:55 p.m.11 views

EUVD-2026-36577

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharinggroupid to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the...

6.1CVSS5.2AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:54 p.m.10 views

EUVD-2026-36576

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when prettyUrls: true is enabled on @apostrophecms/file a documented SEO feature for serving uploaded files at clean URLs, the public pretty-URL handler builds the upstream URL using the raw...

3.7CVSS5.4AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:52 p.m.10 views

EUVD-2026-36575

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser...

7.5CVSS5.3AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:50 p.m.11 views

EUVD-2026-36574

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:48 p.m.10 views

EUVD-2026-36573

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version tooltip. As of time of publication, no known patched versions are available...

5.3CVSS4.9AI score0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:48 p.m.13 views

EUVD-2026-36572

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...

5.3CVSS5.5AI score0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:46 p.m.9 views

EUVD-2026-36571

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using req.hostname, which is derived directly from the attacker-controlled HTTP Host header when apos.baseUrl is not explicitly configure...

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:46 p.m.11 views

EUVD-2026-36570

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...

4.3CVSS5.2AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:45 p.m.10 views

EUVD-2026-36569

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/AddProjects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched...

5.1CVSS3.7AI score0.00203EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 8:44 p.m.11 views

EUVD-2026-36568

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch...

7.6CVSS5.3AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:43 p.m.9 views

EUVD-2026-36567

ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...

7.3CVSS5.3AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 8:39 p.m.9 views

EUVD-2026-36566

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...

9.3CVSS5.2AI score0.0037EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:37 p.m.10 views

EUVD-2026-36565

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...

6.5CVSS5.8AI score0.00428EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:36 p.m.9 views

EUVD-2026-36564

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before JavaScript parsing, a...

5.3CVSS5.2AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:30 p.m.10 views

EUVD-2026-36563

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

5.3CVSS5.6AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:30 p.m.10 views

EUVD-2026-36562

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...

5.1CVSS3.7AI score0.00203EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 8:26 p.m.9 views

EUVD-2026-36561

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:26 p.m.11 views

EUVD-2026-36560

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /webhookevents/ in Jobs::RedeliverWebHookEvents did not pass groupids, leaving the channel...

4.3CVSS5.2AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:25 p.m.9 views

EUVD-2026-36559

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a...

6.8CVSS5.2AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:25 p.m.10 views

EUVD-2026-36558

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS5.3AI score0.00204EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:24 p.m.11 views

EUVD-2026-36557

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

4.3CVSS5.3AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:23 p.m.13 views

EUVD-2026-36587

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:23 p.m.9 views

EUVD-2026-36586

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:23 p.m.10 views

EUVD-2026-36585

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared includeuserlongname? as the predicate for its :name attribute, but AMS looks for includename?...

4.3CVSS5.3AI score0.00189EPSS
Exploits0References1
Total number of security vulnerabilities418769