Lucene search
K

419016 matches found

EUVD
EUVD
added 2026/06/10 12:41 p.m.10 views

EUVD-2026-36015

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...

6.3CVSS5.6AI score0.00457EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:41 p.m.12 views

EUVD-2026-36014

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS6AI score0.00215EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:40 p.m.13 views

EUVD-2026-36013

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...

8.8CVSS5.5AI score0.00252EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:40 p.m.10 views

EUVD-2026-36012

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:39 p.m.10 views

EUVD-2026-36011

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS5.8AI score0.00215EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:39 p.m.11 views

EUVD-2026-36010

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...

7.1CVSS5.4AI score0.00342EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/10 12:39 p.m.11 views

EUVD-2026-36009

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes...

8.8CVSS6.3AI score0.0071EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/10 12:39 p.m.11 views

EUVD-2026-36008

Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click...

8.4CVSS5.9AI score0.00503EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:38 p.m.13 views

EUVD-2026-36007

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8CVSS5.7AI score0.00259EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:37 p.m.12 views

EUVD-2026-36006

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...

4.6CVSS5.6AI score0.00185EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:37 p.m.13 views

EUVD-2026-36005

Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...

6.9CVSS5.5AI score0.00169EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/10 12:36 p.m.13 views

EUVD-2026-36004

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:36 p.m.10 views

EUVD-2024-55616

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...

2.9CVSS5.5AI score0.0011EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:32 p.m.10 views

EUVD-2026-36003

Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted...

7.3CVSS5.4AI score0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 11:49 a.m.16 views

EUVD-2026-36000

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS5.4AI score0.00131EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/10 11:43 a.m.10 views

EUVD-2026-36002

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

8.4CVSS5.4AI score0.00122EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/10 11:35 a.m.10 views

EUVD-2026-36001

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...

5.1CVSS5.5AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:10 a.m.11 views

EUVD-2026-35999

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...

6.5CVSS5.7AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 9:10 a.m.16 views

EUVD-2026-35998

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in...

6.5CVSS5.5AI score0.00199EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 8:28 a.m.14 views

EUVD-2026-35997

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.7AI score0.01382EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 8:28 a.m.14 views

EUVD-2025-210104

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 7:50 a.m.14 views

EUVD-2026-35996

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.002EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/10 7:50 a.m.15 views

EUVD-2026-35995

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 6:59 a.m.10 views

EUVD-2026-35994

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS5.5AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:48 a.m.12 views

EUVD-2026-35993

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 6:39 a.m.17 views

EUVD-2026-35992

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS6AI score0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:37 a.m.13 views

EUVD-2026-35991

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

8.2CVSS5.4AI score0.00147EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:16 a.m.11 views

EUVD-2026-35990

A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...

8.7CVSS5.4AI score0.00395EPSS
Exploits3References1
EUVD
EUVD
added 2026/06/10 6:8 a.m.11 views

EUVD-2026-35989

A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...

6.9CVSS5.4AI score0.00362EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/10 6:0 a.m.17 views

EUVD-2026-35988

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

9.1CVSS5.5AI score0.00426EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/10 6:0 a.m.10 views

EUVD-2026-35986

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...

8.8CVSS5.7AI score0.00296EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:0 a.m.12 views

EUVD-2026-35987

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

3.5CVSS5.5AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:0 a.m.12 views

EUVD-2026-35985

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

8.6CVSS5.6AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 5:44 a.m.11 views

EUVD-2026-35984

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

2.3CVSS5.3AI score0.0019EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/10 5:3 a.m.14 views

EUVD-2026-35983

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

5.3CVSS5.8AI score0.00318EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 5:3 a.m.13 views

EUVD-2026-35982

A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...

7.3CVSS5.6AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 5:2 a.m.13 views

EUVD-2026-35981

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later...

5.3CVSS5.8AI score0.00318EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 4:31 a.m.14 views

EUVD-2025-210103

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 3:15 a.m.11 views

EUVD-2026-35980

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:15 a.m.13 views

EUVD-2026-35979

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...

8.7CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:15 a.m.15 views

EUVD-2026-35978

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

8.7CVSS5.5AI score0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:14 a.m.11 views

EUVD-2026-35977

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS6AI score0.00977EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:14 a.m.15 views

EUVD-2026-35976

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:8 a.m.15 views

EUVD-2026-35975

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:8 a.m.12 views

EUVD-2026-35974

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

5.3CVSS5.5AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:7 a.m.14 views

EUVD-2026-35973

A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...

5.3CVSS5.5AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:6 a.m.16 views

EUVD-2026-35972

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS6AI score0.00988EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:6 a.m.12 views

EUVD-2025-210102

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build...

6.9CVSS5.5AI score0.00456EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:5 a.m.10 views

EUVD-2025-210101

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:5 a.m.11 views

EUVD-2025-210100

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS6AI score0.01049EPSS
Exploits0References1
Total number of security vulnerabilities419016