Lucene search
K

417525 matches found

EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41066

Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41065

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS5.8AI score0.00309EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41064

Guardian language-system passes the id GET parameter directly into a PHP exec call in translate.php line 14 without sanitization: exec"php jobs/translate.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS6.1AI score0.0068EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41063

Guardian language-system passes the id GET parameter directly into a PHP exec call in subtitles.php line 19 without sanitization: exec"php jobs/subtitlerendering.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.0068EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41062

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translatetext.php line 15: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41061

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41060

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41059

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41058

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-41057

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41056

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41055

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...

5.3CVSS5.8AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41054

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41053

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41052

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41051

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...

4.3CVSS5.8AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41050

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS6.6AI score0.00523EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41049

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anykaipc HTTP service on port 80...

9.8CVSS5.8AI score0.0169EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41048

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

8.8CVSS6.4AI score0.02422EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41031

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

5.9CVSS5.8AI score0.00342EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41030

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

5.3CVSS5.8AI score0.00543EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41029

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...

5.8AI score0.0039EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41028

NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering...

9.8CVSS5.8AI score0.00842EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41027

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8CVSS6.7AI score0.00587EPSS
Exploits2References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41026

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service...

5.9CVSS5.8AI score0.00538EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41025

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS5.8AI score0.00654EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.8AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41023

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.8AI score0.00267EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41022

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from before 1.46.0, 1.45.4,...

5.8AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41021

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.3CVSS5.8AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41020

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00155EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41019

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00155EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41018

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...

5.3CVSS5.8AI score0.0039EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41017

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00164EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41016

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00175EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41015

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00169EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41014

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...

5.3CVSS5.8AI score0.00436EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41047

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41046

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41045

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.3CVSS5.8AI score0.00428EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-41044

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41043

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...

4.3CVSS5.8AI score0.00087EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41042

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

5.8AI score0.0039EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41041

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00175EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41040

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure...

7.8CVSS5.8AI score0.00148EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41039

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

2.1CVSS5.8AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41038

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00165EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41037

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS6.5AI score0.00779EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2025-210397

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function VF access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device...

9CVSS6.4AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41036

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can...

9.8CVSS6.5AI score0.00751EPSS
Exploits0References3
Total number of security vulnerabilities417525