Lucene search
K

419039 matches found

EUVD
EUVD
•added 2026/06/09 6:30 p.m.•13 views

EUVD-2026-35463

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

6.8CVSS5.4AI score0.00168EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•11 views

EUVD-2026-35457

Authenticated administrators connected to the local network can modify router functionality beyond what is intended through the standard management interface...

6.8CVSS5.4AI score0.0018EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•11 views

EUVD-2026-35450

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

7.5CVSS5.5AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35705

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability...

7.8CVSS5.4AI score0.00132EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•21 views

EUVD-2026-35465

An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this...

7.2CVSS5.4AI score0.00278EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•12 views

EUVD-2026-35446

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•12 views

EUVD-2026-35454

Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are...

7.3CVSS5.6AI score0.00289EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35452

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...

5.7CVSS5.4AI score0.00219EPSS
Exploits0References20
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•12 views

EUVD-2026-35453

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

6.8CVSS5.4AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•17 views

EUVD-2026-35464

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

6.8CVSS5.4AI score0.00229EPSS
Exploits0References14
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•14 views

EUVD-2026-35442

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•17 views

EUVD-2026-35443

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS5.7AI score0.23393EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35448

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier PID to verify code-signing identity. Because process identifiers can be reuse...

8.1CVSS6.1AI score0.00323EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35444

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...

7.2CVSS6.3AI score0.34454EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•14 views

EUVD-2026-35445

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...

9.8CVSS5.6AI score0.00275EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•11 views

EUVD-2026-35447

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

6.2AI score0.00151EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35449

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS5.5AI score0.0029EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•14 views

EUVD-2026-35441

An Authentication Bypass vulnerability CWE-288 in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access...

10CVSS5.6AI score0.99041EPSS
Exploits6References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•11 views

EUVD-2025-210085

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...

6.7CVSS5.6AI score0.00144EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35440

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS6.3AI score0.99041EPSS
Exploits6References2
EUVD
EUVD
•added 2026/06/09 6:10 p.m.•14 views

EUVD-2026-35791

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

7.8CVSS6AI score0.00097EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/09 6:9 p.m.•10 views

EUVD-2026-35790

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

9.8CVSS5.5AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 6:4 p.m.•11 views

EUVD-2026-35789

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...

5.7CVSS5.4AI score0.00119EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:51 p.m.•12 views

EUVD-2026-35788

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

6.3CVSS5.4AI score0.00097EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:49 p.m.•10 views

EUVD-2026-35787

InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00178EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:49 p.m.•12 views

EUVD-2026-35786

InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:49 p.m.•11 views

EUVD-2026-35785

InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•10 views

EUVD-2026-35784

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•11 views

EUVD-2026-35782

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

5.5CVSS5.5AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•12 views

EUVD-2026-35783

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•13 views

EUVD-2026-35781

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•13 views

EUVD-2026-35780

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•11 views

EUVD-2026-35779

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

5.5CVSS5.5AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•12 views

EUVD-2026-35778

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•10 views

EUVD-2026-35777

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•12 views

EUVD-2026-35776

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a...

5.5CVSS5.4AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•12 views

EUVD-2026-35775

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•11 views

EUVD-2026-35774

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:43 p.m.•12 views

EUVD-2026-35773

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:37 p.m.•10 views

EUVD-2026-35772

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00329EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:36 p.m.•13 views

EUVD-2026-35771

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:34 p.m.•11 views

EUVD-2026-35770

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/09 5:34 p.m.•11 views

EUVD-2026-35769

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

8.8CVSS5.5AI score0.00372EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/09 5:34 p.m.•10 views

EUVD-2026-35768

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...

6.8CVSS5.4AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:33 p.m.•16 views

EUVD-2026-35767

Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service...

6.8CVSS5.5AI score0.001EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:31 p.m.•12 views

EUVD-2026-35766

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

6.3CVSS5.4AI score0.00085EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:22 p.m.•9 views

EUVD-2025-210086

Improper access control for register interface in the input-output memory management unit IOMMU could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor ASP potentially resulting in loss of integrity...

4CVSS5.5AI score0.00127EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:13 p.m.•10 views

EUVD-2026-35765

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's...

8CVSS5.5AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:13 p.m.•11 views

EUVD-2026-35764

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.9CVSS5.4AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/09 5:13 p.m.•11 views

EUVD-2026-35763

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when th...

9.3CVSS5.5AI score0.00243EPSS
Exploits0References1
Total number of security vulnerabilities419039