Lucene search
K

418961 matches found

EUVD
EUVD
added 2026/06/12 2:42 p.m.11 views

EUVD-2026-36457

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

8.7CVSS5.5AI score0.00606EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:41 p.m.11 views

EUVD-2026-36456

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.3AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:39 p.m.13 views

EUVD-2026-36495

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:39 p.m.10 views

EUVD-2026-36494

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

5.3CVSS5.2AI score0.00594EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:38 p.m.10 views

EUVD-2026-36493

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:36 p.m.16 views

EUVD-2026-36492

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

8.7CVSS5.3AI score0.00489EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:35 p.m.14 views

EUVD-2026-36491

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has been patched in versions 15.107.2 and 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:34 p.m.11 views

EUVD-2026-36490

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4...

6.9CVSS5.2AI score0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:33 p.m.10 views

EUVD-2026-36489

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

8.7CVSS5.3AI score0.00292EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:29 p.m.12 views

EUVD-2026-36488

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS5.7AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:27 p.m.10 views

EUVD-2026-36487

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:26 p.m.11 views

EUVD-2026-36486

Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud RMC allows Brute Force. This issue affects Related Marketing Cloud RMC: through 12052026...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:26 p.m.11 views

EUVD-2026-36485

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submitdiscussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:23 p.m.20 views

EUVD-2026-36455

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

7.5CVSS7AI score0.99999EPSS
Exploits19References3
EUVD
EUVD
added 2026/06/12 2:23 p.m.9 views

EUVD-2026-36454

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...

6.9CVSS5.3AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:22 p.m.10 views

EUVD-2026-36453

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via getbloglist. This issue has been patched in versions 15.106.0 and 16.16.0...

6.9CVSS5.7AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:22 p.m.9 views

EUVD-2026-36452

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0...

6.9CVSS5.1AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:19 p.m.11 views

EUVD-2026-36451

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

7.5CVSS5.4AI score0.00371EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:17 p.m.12 views

EUVD-2026-36450

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS5.2AI score0.00224EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:17 p.m.13 views

EUVD-2026-36449

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS5.2AI score0.00308EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:17 p.m.10 views

EUVD-2026-36448

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly.promising / WebAssembly.Suspending...

9.8CVSS6AI score0.00507EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:16 p.m.11 views

EUVD-2026-36447

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS5.7AI score0.0051EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:16 p.m.12 views

EUVD-2026-36446

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, workerthreads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach...

10CVSS5.6AI score0.00536EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:16 p.m.11 views

EUVD-2026-36445

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.2AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:15 p.m.10 views

EUVD-2026-36444

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes...

8.6CVSS5.2AI score0.00282EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:15 p.m.10 views

EUVD-2026-36443

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...

10CVSS8.4AI score0.0279EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/12 2:14 p.m.11 views

EUVD-2026-36442

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox...

8.7CVSS5.2AI score0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:14 p.m.10 views

EUVD-2026-36441

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call.lookupGetter, Buffer, "proto", Buffer.call.call.lookupSetter, Buffer, "proto", and Node.js's ERRINVALIDARGTYPE Error, the host's TypeError constructor can be obtained, which allows the escape from...

10CVSS5.4AI score0.004EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:14 p.m.11 views

EUVD-2026-36440

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

8.6CVSS5.2AI score0.00287EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:12 p.m.12 views

EUVD-2026-36439

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has...

4CVSS5.2AI score0.00136EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:11 p.m.10 views

EUVD-2026-36438

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

5.3CVSS5.3AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:10 p.m.12 views

EUVD-2026-36437

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:10 p.m.12 views

EUVD-2026-36436

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

7.5CVSS5.4AI score0.00461EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:6 p.m.9 views

EUVD-2026-36435

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS5.2AI score0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:5 p.m.12 views

EUVD-2026-36434

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

9.8CVSS5.2AI score0.00353EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:1 p.m.16 views

EUVD-2026-36433

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS5.3AI score0.00259EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:0 p.m.12 views

EUVD-2026-36432

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 1:56 p.m.10 views

EUVD-2026-36431

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

9.8CVSS5.5AI score0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:52 p.m.16 views

EUVD-2026-36430

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

9.8CVSS6.1AI score0.04591EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 1:50 p.m.10 views

EUVD-2026-36429

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

9.8CVSS5.2AI score0.00346EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:30 p.m.10 views

EUVD-2026-36426

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:29 p.m.12 views

EUVD-2026-36425

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:23 p.m.12 views

EUVD-2026-36424

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

5.3CVSS5.2AI score0.00105EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:19 p.m.8 views

EUVD-2017-18978

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.2AI score0.00319EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 1:0 p.m.10 views

EUVD-2026-36423

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS7.1AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 12:58 p.m.10 views

EUVD-2026-36422

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled default in Nuxt 4, any...

6.3CVSS5.2AI score0.0023EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/12 12:51 p.m.10 views

EUVD-2026-36420

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

5.3CVSS5.4AI score0.00164EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/12 12:51 p.m.10 views

EUVD-2026-36419

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...

5.9CVSS5.2AI score0.00208EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/12 12:50 p.m.13 views

EUVD-2026-36418

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

2.3CVSS5.1AI score0.00091EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 12:30 p.m.10 views

EUVD-2026-36417

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

1.8CVSS3.7AI score0.00106EPSS
Exploits0References6
Total number of security vulnerabilities418961