417525 matches found

EUVD • added 3 days ago • 5 views

EUVD-2026-41106

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2 contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an...

CVSS 5.3 | AI score 5.7 | EPSS 0.00317
Exploits: 0 | References: 1

EUVD • added 3 days ago • 4 views

EUVD-2022-47394

Open Babel has uninitialized pointer dereference in MSI atom parser...

CVSS 9.8 | AI score 7.2 | EPSS 0.00816
Exploits: 1 | References: 5

EUVD • added 3 days ago • 8 views

EUVD-2022-46603

Open Babel has out-of-bounds write in MOL2 attribute/value parser...

CVSS 8.1 | AI score 7.1 | EPSS 0.00796
Exploits: 1 | References: 5

EUVD • added 3 days ago • 4 views

EUVD-2022-46468

Open Babel has out-of-bounds write in PQS coordfile parser...

CVSS 9.8 | AI score 6.8 | EPSS 0.00843
Exploits: 1 | References: 5

EUVD • added 3 days ago • 6 views

EUVD-2022-45947

Open Babel has uninitialized pointer dereference in GRO residue parser...

CVSS 9.8 | AI score 7.2 | EPSS 0.00816
Exploits: 1 | References: 5

EUVD • added 3 days ago • 3 views

EUVD-2022-44961

Open Babel has out-of-bounds write in CSR PadString title field...

CVSS 9.8 | AI score 7.2 | EPSS 0.00816
Exploits: 1 | References: 5

EUVD • added 3 days ago • 3 views

EUVD-2022-39966

Open Babel has out-of-bounds write in Gaussian coordstype orientation parser...

CVSS 7.8 | AI score 6.7 | EPSS 0.00704
Exploits: 1 | References: 5

EUVD • added 3 days ago • 5 views

EUVD-2026-41105

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...

CVSS 6.5 | AI score 5.8 | EPSS 0.00139
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2025-31206

Open Babel has out-of-bounds read in PQS lowerit pre-buffer read...

CVSS 5.5 | AI score 5.7 | EPSS 0.00189
Exploits: 1 | References: 8

EUVD • added 3 days ago • 5 views

EUVD-2025-31187

Open Babel has NULL pointer dereference in CACAO CacaoFormat::SetHilderbrandt...

CVSS 5.5 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 8

EUVD • added 3 days ago • 5 views

EUVD-2026-41104

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51...

CVSS 7.4 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 1

EUVD • added 3 days ago • 4 views

EUVD-2026-41103

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

CVSS 7.3 | AI score 5.7 | EPSS 0.00221
Exploits: 1 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2025-31188

Open Babel has NULL pointer dereference in ChemKinFormat::ReadReactionQualifierLines...

CVSS 5.5 | AI score 5.8 | EPSS 0.00187
Exploits: 1 | References: 8

EUVD • added 3 days ago • 6 views

EUVD-2025-31197

Open Babel has heap buffer overflow in ChemKin ChemKinFormat::CheckSpecies...

CVSS 7.8 | AI score 6.6 | EPSS 0.00224
Exploits: 1 | References: 7

EUVD • added 3 days ago • 7 views

EUVD-2026-41102

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

CVSS 6.9 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 2

EUVD • added 3 days ago • 5 views

EUVD-2026-41101

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

CVSS 8 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41100

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

CVSS 6.5 | AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41099

URL redirection to untrusted site 'open redirect' vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from before 1.43.9, 1.44.6, 1.45.4...

CVSS 6.9 | AI score 5.6 | EPSS 0.0026
Exploits: 0 | References: 2

EUVD • added 3 days ago • 6 views

EUVD-2026-41098

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

CVSS 4.4 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41097

Cross-Site Request Forgery CSRF vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12...

CVSS 7.4 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

CVSS 5.9 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41095

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows a remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

CVSS 7.5 | AI score 5.8 | EPSS 0.0041
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41094

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows a remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

CVSS 7.5 | AI score 5.8 | EPSS 0.0041
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41093

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

CVSS 4.4 | AI score 5.7 | EPSS 0.00211
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41092

Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6...

CVSS 5.3 | AI score 5.8 | EPSS 0.00184
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41091

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

CVSS 4.3 | AI score 5.8 | EPSS 0.00203
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41090

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

CVSS 7.5 | AI score 6.2 | EPSS 0.00298
Exploits: 0 | References: 2

EUVD • added 3 days ago • 7 views

EUVD-2026-41089

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

CVSS 8.8 | AI score 6.6 | EPSS 0.00483
Exploits: 0 | References: 5

EUVD • added 3 days ago • 5 views

EUVD-2026-41088

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

CVSS 6.5 | AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

CVSS 5.3 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41086

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ...

CVSS 7.5 | AI score 6 | EPSS 0.00389
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41085

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

CVSS 6.5 | AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41084

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

CVSS 7.5 | AI score 5.9 | EPSS 0.00389
Exploits: 0 | References: 1

EUVD • added 3 days ago • 7 views

EUVD-2026-41083

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...

CVSS 7.5 | AI score 6 | EPSS 0.00389
Exploits: 0 | References: 1

EUVD • added 3 days ago • 5 views

EUVD-2026-41082

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in...

CVSS 7.5 | AI score 6 | EPSS 0.00389
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41081

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...

CVSS 7.5 | AI score 5.8 | EPSS 0.00389
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41080

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...

CVSS 7.5 | AI score 6 | EPSS 0.00463
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41079

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG...

CVSS 7.5 | AI score 6 | EPSS 0.00463
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41078

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request...

CVSS 7.5 | AI score 6 | EPSS 0.00756
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41077

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

CVSS 6.5 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41076

Guardian language-system passes the id GET parameter directly into a PHP exec call in texttosubtitles.php line 19 without sanitization: exec"php jobs/texttosubtitles.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

CVSS 9.8 | AI score 6.1 | EPSS 0.00537
Exploits: 0 | References: 2

EUVD • added 3 days ago • 5 views

EUVD-2026-41075

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

CVSS 9.8 | AI score 6.1 | EPSS 0.00549
Exploits: 0 | References: 2

EUVD • added 3 days ago • 6 views

EUVD-2026-41074

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribeamazon.php line 15 without sanitization: exec"php jobs/transcribeamazon.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

CVSS 9.8 | AI score 6.1 | EPSS 0.00537
Exploits: 0 | References: 2

EUVD • added 3 days ago • 6 views

EUVD-2026-41073

Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

CVSS 9.8 | AI score 6.1 | EPSS 0.00537
Exploits: 0 | References: 2

EUVD • added 3 days ago • 5 views

EUVD-2026-41072

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

CVSS 4.9 | AI score 5.8 | EPSS 0.00324
Exploits: 0 | References: 1

EUVD • added 3 days ago • 6 views

EUVD-2026-41071

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechtext.php line 18 without sanitization: exec"php jobs/speechaudiotext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

CVSS 9.8 | AI score 6.1 | EPSS 0.00537
Exploits: 0 | References: 2

EUVD • added 3 days ago • 6 views

EUVD-2026-41070

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec"php jobs/speechaudiomac.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

CVSS 9.8 | AI score 6.1 | EPSS 0.00537
Exploits: 0 | References: 2

EUVD • added 3 days ago • 5 views

EUVD-2026-41069

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmactext.php line 18 without sanitization: exec"php jobs/speechaudiomactext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

CVSS 9.8 | AI score 6.1 | EPSS 0.00549
Exploits: 0 | References: 2

EUVD • added 3 days ago • 6 views

EUVD-2026-41068

Guardian language-system passes the id GET parameter directly into a PHP exec call in complexstart.php line 14 without sanitization: exec"php jobs/complex.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

CVSS 9.8 | AI score 6.1 | EPSS 0.00549
Exploits: 0 | References: 2

EUVD • added 3 days ago • 6 views

EUVD-2026-41067

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

CVSS 9.8 | AI score 6.1 | EPSS 0.00537
Exploits: 0 | References: 2

Total number of security vulnerabilities: 417525