Lucene search
K

419016 matches found

EUVD
EUVD
added 2026/06/10 3:34 p.m.10 views

EUVD-2026-36062

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

8.1CVSS5.5AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:57 p.m.12 views

EUVD-2026-36060

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...

7.3CVSS5.5AI score0.00131EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 2:57 p.m.11 views

EUVD-2026-36059

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS5.4AI score0.00448EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:41 p.m.14 views

EUVD-2026-36058

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

7.1CVSS5.5AI score0.00335EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 2:35 p.m.13 views

EUVD-2026-36057

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS5.5AI score0.00194EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 2:35 p.m.12 views

EUVD-2026-36056

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh sshsftpd module allows File Discovery. The SSHFXPREADLINK handler in sshsftpd sends the raw result of file:readlink/2 to the client without calling chrootfilename/2 to strip the backend root prefix. An...

2.3CVSS5.5AI score0.00277EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 2:35 p.m.12 views

EUVD-2026-36055

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

6.3CVSS5.6AI score0.00234EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 2:35 p.m.13 views

EUVD-2026-36054

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 2:35 p.m.9 views

EUVD-2026-36053

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.6AI score0.00497EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 2:35 p.m.13 views

EUVD-2026-36052

Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...

6.9CVSS5.7AI score0.00136EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 2:34 p.m.12 views

EUVD-2026-36051

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

6.9CVSS5.5AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:31 p.m.12 views

EUVD-2026-36050

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 2:11 p.m.12 views

EUVD-2025-210108

During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode SMM...

8.4CVSS5.7AI score0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:10 p.m.13 views

EUVD-2025-210107

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions...

8.4CVSS5.6AI score0.00077EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:9 p.m.11 views

EUVD-2026-36049

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:9 p.m.13 views

EUVD-2026-36048

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges...

8.5CVSS6AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:9 p.m.14 views

EUVD-2026-36047

During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

8.5CVSS6AI score0.00102EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 2:8 p.m.10 views

EUVD-2026-36046

A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...

5.1CVSS5.5AI score0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 2:7 p.m.11 views

EUVD-2026-36045

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

7.2CVSS5.7AI score0.01038EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 2:4 p.m.11 views

EUVD-2026-36044

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions////save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.systemf"dos2unix -q cfg". configver is not run...

8.8CVSS5.5AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:3 p.m.13 views

EUVD-2026-36043

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:3 p.m.12 views

EUVD-2026-36042

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://serverip:agentport/...'. The path component is...

6.5CVSS5.4AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:2 p.m.12 views

EUVD-2026-36041

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:2 p.m.10 views

EUVD-2026-36040

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

4.9CVSS5.5AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:1 p.m.17 views

EUVD-2026-36039

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9CVSS6.5AI score0.00439EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:0 p.m.16 views

EUVD-2026-36038

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:0 p.m.12 views

EUVD-2026-36037

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywicommon.checkusergroupforflask — which validates that the caller has some group, not that the target checkid...

9.1CVSS5.7AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:59 p.m.12 views

EUVD-2026-36036

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5CVSS5.5AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:59 p.m.11 views

EUVD-2026-36035

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.beforerequest → @jwtrequired app/routes/install/routes.py:36-39. The individual endpoints installexporter, installwaf, installgeoip,...

9.9CVSS5.5AI score0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:55 p.m.22 views

EUVD-2026-36034

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

9.6CVSS5.5AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 1:55 p.m.18 views

EUVD-2026-36033

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

9.6CVSS5.9AI score0.00291EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 1:55 p.m.11 views

EUVD-2026-36032

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security TLS connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle MITM attacker to intercept and harvest vCenter administrator credentials. This can lead to...

9.3CVSS5.4AI score0.00253EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 1:55 p.m.12 views

EUVD-2026-36031

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens JWTs for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the sourceid claim within these tokens against the requested source ID. This oversight allows an...

9.6CVSS5.5AI score0.00286EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 1:55 p.m.12 views

EUVD-2026-36030

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...

9.6CVSS5.8AI score0.00298EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 1:55 p.m.10 views

EUVD-2026-36029

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

7.3CVSS5.3AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 1:55 p.m.10 views

EUVD-2026-36028

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1CVSS5.5AI score0.00288EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 1:44 p.m.9 views

EUVD-2026-36027

libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfszdrstring in lib/libnfs-zdr.c...

7.1CVSS5.5AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:6 p.m.13 views

EUVD-2026-36026

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

5.3CVSS5.5AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:6 p.m.10 views

EUVD-2026-36025

Jenkins 2.483 through 2.567 both inclusive, LTS 2.492.1 through 2.555.2 both inclusive does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers...

5.2AI score0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:6 p.m.11 views

EUVD-2026-36023

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...

4.3CVSS5.5AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:6 p.m.11 views

EUVD-2026-36024

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:5 p.m.12 views

EUVD-2026-36022

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...

4.3CVSS5.5AI score0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:5 p.m.11 views

EUVD-2026-36021

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between //, allowing attackers to perform phishing attacks...

4.3CVSS5.5AI score0.00364EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:5 p.m.10 views

EUVD-2026-36020

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:5 p.m.12 views

EUVD-2026-36019

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled config.xml submission in a way that allows them to handle HTTP requests afterwards. This can be used to...

8.8CVSS5.7AI score0.14907EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/10 1:4 p.m.14 views

EUVD-2025-210106

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.8AI score0.0043EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/10 1:2 p.m.12 views

EUVD-2025-210105

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...

8.7CVSS5.8AI score0.0043EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/10 12:43 p.m.10 views

EUVD-2026-36018

Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:42 p.m.12 views

EUVD-2026-36017

Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:42 p.m.11 views

EUVD-2026-36016

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereference...

4.6CVSS5.4AI score0.00144EPSS
Exploits1References2
Total number of security vulnerabilities419016