Lucene search
K

418889 matches found

EUVD
EUVD
added 2026/06/15 12:31 a.m.13 views

EUVD-2026-36673

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

8.6CVSS7AI score0.02385EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/15 12:31 a.m.12 views

EUVD-2026-36670

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacte...

8.5CVSS7.1AI score0.00137EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 12:31 a.m.15 views

EUVD-2026-36669

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS5.4AI score0.00105EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/15 12:31 a.m.13 views

EUVD-2026-36667

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/gritentitycontroller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/15 12:31 a.m.13 views

EUVD-2026-36666

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS7.5AI score0.0194EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/15 12:30 a.m.12 views

EUVD-2026-36676

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

5.3CVSS5.4AI score0.00103EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/15 12:15 a.m.11 views

EUVD-2026-36675

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

7.5CVSS8AI score0.00324EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 12:0 a.m.11 views

EUVD-2026-36674

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

7.5CVSS7.2AI score0.00525EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/14 8:45 p.m.14 views

EUVD-2026-36665

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

9CVSS7.7AI score0.01966EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/14 5:38 p.m.13 views

EUVD-2026-36664

driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...

8.8CVSS5.7AI score0.00459EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/14 5:26 p.m.13 views

EUVD-2026-36663

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8CVSS5.6AI score0.00407EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/14 5:21 p.m.14 views

EUVD-2026-36662

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/14 5:10 p.m.14 views

EUVD-2026-36661

nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recvmsgheader function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length fiel...

9CVSS5.8AI score0.00541EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/14 11:40 a.m.14 views

EUVD-2026-36660

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

5.5AI score0.00618EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/14 11:39 a.m.14 views

EUVD-2026-36659

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

5.4AI score0.01353EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/14 6:0 a.m.15 views

EUVD-2025-210137

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.3AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/14 3:49 a.m.13 views

EUVD-2026-36658

In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

6.8CVSS5.3AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/14 3:23 a.m.15 views

EUVD-2026-36657

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS5.3AI score0.01261EPSS
Exploits3References2
EUVD
EUVD
added 2026/06/14 12:30 a.m.16 views

EUVD-2026-36656

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out...

5.3CVSS3.7AI score0.00265EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/14 12:30 a.m.13 views

EUVD-2026-36655

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

5.8CVSS5.2AI score0.00214EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/13 8:15 p.m.13 views

EUVD-2026-36654

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...

9CVSS7.6AI score0.00582EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/13 5:36 p.m.15 views

EUVD-2026-36653

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

9.8CVSS5.7AI score0.00548EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/13 4:34 p.m.16 views

EUVD-2026-36652

SQL Injection in reports/catalogueout.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary da...

9.8CVSS8.9AI score0.06022EPSS
Exploits8References3
EUVD
EUVD
added 2026/06/13 11:25 a.m.14 views

EUVD-2026-36651

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.4AI score0.00312EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/13 8:38 a.m.15 views

EUVD-2026-36650

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

9.4CVSS5.3AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 8:29 a.m.18 views

EUVD-2026-36649

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

4.3CVSS5.3AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/13 7:51 a.m.16 views

EUVD-2026-36647

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...

5.3CVSS5.4AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 7:51 a.m.14 views

EUVD-2026-36648

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/13 7:51 a.m.13 views

EUVD-2026-36646

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS5.5AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 6:47 a.m.13 views

EUVD-2026-36645

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...

6.4CVSS5.6AI score0.00203EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/13 6:0 a.m.12 views

EUVD-2026-36643

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

5.3AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/13 6:0 a.m.11 views

EUVD-2026-36644

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

5.5AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/13 5:32 a.m.15 views

EUVD-2026-36642

The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...

7.2CVSS5.6AI score0.00316EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/13 2:34 a.m.16 views

EUVD-2026-36640

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS5.3AI score0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 2:34 a.m.15 views

EUVD-2026-36639

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7CVSS5.5AI score0.0014EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 2:34 a.m.15 views

EUVD-2026-36638

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...

7CVSS5.3AI score0.00091EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 2:34 a.m.16 views

EUVD-2026-36637

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

7.8CVSS5.4AI score0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 2:29 a.m.18 views

EUVD-2026-36636

The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter s in versions up to, and including, 6.0.4 The plugin hooks WordPress's postsrequest filter with wpticketcompostsrequest, which calls emdauthorsearchresults when the current request is an...

7.5CVSS5.7AI score0.0051EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/13 2:29 a.m.17 views

EUVD-2026-36635

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

4.9CVSS5.5AI score0.00336EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2025-210135

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76...

7.8CVSS5.6AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36625

OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM policy decisions by sending crafted Mattermost events missing channel type information to process restricted conte...

6.3CVSS5.2AI score0.00189EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36634

Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

4.6CVSS5.3AI score0.00225EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36633

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

6.5CVSS6.5AI score0.01254EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36623

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated senders to create or update bindings without honoring configured config-write controls. Attackers can exploit this by leveraging the dynamic-agent binding...

4.3CVSS5.3AI score0.00166EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36632

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when...

7.4CVSS5.4AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2025-210136

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux...

7.8CVSS5.7AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.11 views

EUVD-2026-36603

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS5.4AI score0.0022EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36628

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS5.2AI score0.00183EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.15 views

EUVD-2026-36629

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

8.7CVSS5.4AI score0.00258EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2025-210134

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70....

7.8CVSS5.6AI score0.00122EPSS
Exploits0References2
Total number of security vulnerabilities418889