Lucene search
K

419014 matches found

EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2026-36134

A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual and...

4.8CVSS5.2AI score0.00213EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.11 views

EUVD-2026-36123

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/11 12:32 a.m.15 views

EUVD-2026-36135

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

7.1CVSS6.7AI score0.00405EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 12:32 a.m.12 views

EUVD-2026-36149

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

8.6CVSS5.7AI score0.01193EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2022-56002

A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4...

3.5CVSS5.4AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2026-36156

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.7AI score0.00615EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 12:32 a.m.12 views

EUVD-2026-36145

A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama,...

6.9CVSS5.5AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.11 views

EUVD-2026-36144

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.14 views

EUVD-2026-36147

A privilege escalation PE vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

8.5CVSS5.7AI score0.00107EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.12 views

EUVD-2026-36150

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...

9.3CVSS5.5AI score0.00315EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.15 views

EUVD-2026-36146

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle MITM attack, to write arbitrary files to the...

9.8CVSS6.9AI score0.27095EPSS
Exploits3References3
EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2022-56001

A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4...

7.1CVSS5.5AI score0.00099EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:0 a.m.12 views

EUVD-2026-36241

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS6.3AI score0.00329EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 10:23 p.m.18 views

EUVD-2026-36168

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...

4.3CVSS5.4AI score0.00279EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/10 10:20 p.m.12 views

EUVD-2026-36166

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS5.6AI score0.00289EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 10:20 p.m.11 views

EUVD-2026-36165

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...

9.6CVSS6.3AI score0.00482EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 10:20 p.m.10 views

EUVD-2026-36197

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 10:15 p.m.15 views

EUVD-2026-36196

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13...

4.3CVSS5.4AI score0.01027EPSS
Exploits3References3
EUVD
EUVD
added 2026/06/10 10:11 p.m.13 views

EUVD-2026-36194

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

8.8CVSS5.4AI score0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 10:11 p.m.10 views

EUVD-2026-36193

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack /...

5.7CVSS5.4AI score0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 10:1 p.m.11 views

EUVD-2026-36186

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 9:55 p.m.12 views

EUVD-2026-36181

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

9.8CVSS8.4AI score0.02225EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 9:51 p.m.9 views

EUVD-2026-36178

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versio...

5.7CVSS5.6AI score0.00093EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:50 p.m.10 views

EUVD-2026-36177

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...

4.1CVSS5.4AI score0.00109EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:47 p.m.10 views

EUVD-2026-36176

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue ha...

4.1CVSS5.3AI score0.00077EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:47 p.m.11 views

EUVD-2026-36175

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 9:46 p.m.11 views

EUVD-2026-36174

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in...

4.1CVSS5.5AI score0.00092EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:45 p.m.10 views

EUVD-2026-36173

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

4CVSS5.5AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:44 p.m.10 views

EUVD-2026-36172

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23...

6.2CVSS5.3AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:40 p.m.11 views

EUVD-2026-36171

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:39 p.m.28 views

EUVD-2026-36170

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...

7.6CVSS5.3AI score0.0011EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:31 p.m.10 views

EUVD-2026-36164

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23...

7.5CVSS5.3AI score0.00441EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:30 p.m.10 views

EUVD-2026-36163

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...

5.3CVSS5.3AI score0.00441EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:30 p.m.10 views

EUVD-2026-36162

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the iss...

7.5CVSS5.4AI score0.01849EPSS
Exploits4References1
EUVD
EUVD
added 2026/06/10 9:29 p.m.11 views

EUVD-2026-36161

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in...

5.1CVSS5.3AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:26 p.m.11 views

EUVD-2026-36160

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

5.7CVSS5.5AI score0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:26 p.m.10 views

EUVD-2026-36159

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47...

5.3CVSS5.3AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:25 p.m.10 views

EUVD-2026-36158

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 an...

5.1CVSS5.3AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:25 p.m.12 views

EUVD-2026-36157

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would...

5.3CVSS5.3AI score0.00495EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:22 p.m.9 views

EUVD-2026-36155

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...

6.2CVSS5.4AI score0.00301EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:18 p.m.10 views

EUVD-2026-36154

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS5.4AI score0.00432EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 9:9 p.m.11 views

EUVD-2026-36153

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:8 p.m.9 views

EUVD-2026-36152

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 8:32 p.m.16 views

EUVD-2026-36136

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...

7.5CVSS5.5AI score0.00539EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 8:28 p.m.10 views

EUVD-2026-36133

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

8.7CVSS5.4AI score0.00317EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 8:27 p.m.11 views

EUVD-2026-36132

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...

8.6CVSS5.4AI score0.00269EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/10 8:22 p.m.13 views

EUVD-2026-36127

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...

7CVSS5.5AI score0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 8:21 p.m.11 views

EUVD-2026-36126

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS5.4AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 8:19 p.m.12 views

EUVD-2026-36125

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 8:16 p.m.10 views

EUVD-2026-36124

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
Total number of security vulnerabilities419014