Lucene search
K

419045 matches found

EUVD
EUVD
added 2026/06/09 6:59 a.m.14 views

EUVD-2026-35362

Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.6CVSS5.4AI score0.00079EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:57 a.m.10 views

EUVD-2026-35361

Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability...

3.6CVSS5.4AI score0.00074EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:56 a.m.12 views

EUVD-2026-35360

Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability...

5.9CVSS5.4AI score0.00078EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:54 a.m.12 views

EUVD-2026-35359

Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability...

5.4CVSS5.4AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:52 a.m.12 views

EUVD-2026-35358

Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability...

2.4CVSS5.4AI score0.0011EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:43 a.m.11 views

EUVD-2026-35357

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

5.1CVSS5.4AI score0.00073EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:42 a.m.14 views

EUVD-2026-35356

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

5.2CVSS5.4AI score0.00078EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:40 a.m.10 views

EUVD-2026-35355

DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability...

4.3CVSS5.4AI score0.00161EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:20 a.m.11 views

EUVD-2026-35354

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS5.5AI score0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:20 a.m.14 views

EUVD-2026-35353

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chanops.allocbuf and the chosen RX pool has a userdatasize smaller than 2 bytes, the segmentation counter stored in t...

7.6CVSS5.5AI score0.00452EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/09 6:17 a.m.10 views

EUVD-2025-210082

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

5.1CVSS5.8AI score0.00445EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:1 a.m.11 views

EUVD-2026-35348

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

9.8CVSS5.9AI score0.00643EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/09 6:0 a.m.13 views

EUVD-2026-35352

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

3.5CVSS5.7AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:0 a.m.11 views

EUVD-2026-35351

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:51 a.m.11 views

EUVD-2026-35350

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...

8.7CVSS5.2AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:0 a.m.11 views

EUVD-2026-35349

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...

8.8CVSS5.9AI score0.01057EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 4:6 a.m.18 views

EUVD-2026-35347

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

8.7CVSS5.5AI score0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 4:0 a.m.12 views

EUVD-2026-35346

Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3...

7.5CVSS5.4AI score0.00299EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:57 a.m.11 views

EUVD-2026-35345

Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...

7.5CVSS5.4AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.13 views

EUVD-2026-35344

In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...

8.1CVSS5.6AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.14 views

EUVD-2026-35343

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

4.2CVSS5.5AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.18 views

EUVD-2026-35342

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.3CVSS5.5AI score0.00186EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.12 views

EUVD-2026-35341

Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.5CVSS5.4AI score0.00087EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 3:51 a.m.15 views

EUVD-2026-35340

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

3.7CVSS5.6AI score0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.11 views

EUVD-2026-35339

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

7.5CVSS5.4AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.16 views

EUVD-2026-35338

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.12 views

EUVD-2026-35337

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.12 views

EUVD-2026-35336

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path, matchStartString pattern, String pat...

3.7CVSS5.4AI score0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.13 views

EUVD-2026-35335

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

4.8CVSS5.4AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.19 views

EUVD-2026-35334

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

5.9CVSS5.4AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.11 views

EUVD-2026-35333

Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3....

7.1CVSS5.3AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.11 views

EUVD-2026-35332

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

4.2CVSS5.6AI score0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.11 views

EUVD-2026-35331

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.5AI score0.00341EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.14 views

EUVD-2026-35330

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

7.5CVSS5.5AI score0.00399EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.11 views

EUVD-2026-35329

Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality...

5.5CVSS5.4AI score0.00075EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 3:50 a.m.11 views

EUVD-2026-35328

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.5AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.12 views

EUVD-2026-35327

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.4AI score0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:49 a.m.11 views

EUVD-2026-35326

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

4.2CVSS5.2AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:49 a.m.18 views

EUVD-2026-35325

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

4.8CVSS5.4AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:48 a.m.13 views

EUVD-2026-35324

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS5.4AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:48 a.m.13 views

EUVD-2026-35323

Permission control vulnerability in the clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4.4CVSS5.4AI score0.00075EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:48 a.m.10 views

EUVD-2026-35322

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:48 a.m.10 views

EUVD-2026-35321

An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...

5.9CVSS5.5AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:47 a.m.19 views

EUVD-2026-35320

In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17...

7.5CVSS5.4AI score0.00623EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:47 a.m.11 views

EUVD-2026-35319

Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

6.3CVSS5.4AI score0.00067EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 3:46 a.m.31 views

EUVD-2026-35318

In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service DoS condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11...

7.5CVSS5.4AI score0.00474EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:41 a.m.11 views

EUVD-2026-35317

The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on the shortcode's 'href' and 'type' attributes, which are...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 3:41 a.m.12 views

EUVD-2026-35314

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 3:41 a.m.11 views

EUVD-2026-35316

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 3:41 a.m.11 views

EUVD-2026-35315

The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...

4.3CVSS5.4AI score0.00124EPSS
Exploits0References3
Total number of security vulnerabilities419045