Lucene search
K

419059 matches found

EUVD
EUVD
added 2026/06/08 2:12 p.m.12 views

EUVD-2026-35073

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS5.7AI score0.00215EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 2:12 p.m.13 views

EUVD-2026-35072

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

8.7CVSS5.6AI score0.00381EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 2:1 p.m.13 views

EUVD-2026-35071

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 2:0 p.m.13 views

EUVD-2026-35070

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and...

5.1CVSS3.9AI score0.00248EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 1:45 p.m.12 views

EUVD-2026-35069

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

6.5CVSS6.1AI score0.00261EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 1:30 p.m.13 views

EUVD-2026-35068

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely...

5.3CVSS3.7AI score0.00388EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 1:15 p.m.13 views

EUVD-2026-35067

A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly...

9CVSS8.2AI score0.006EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 1:0 p.m.12 views

EUVD-2026-35066

A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in buffer overflow. The exploit has been made public and could be used...

5.5CVSS6.2AI score0.0037EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 12:59 p.m.12 views

EUVD-2026-35065

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS5.4AI score0.00358EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:58 p.m.11 views

EUVD-2026-35064

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

8.2CVSS5.4AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:58 p.m.12 views

EUVD-2026-35063

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.4AI score0.00433EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:58 p.m.12 views

EUVD-2026-35062

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:51 p.m.3 views

EUVD-2026-21581

GeoNode contains a server-side request forgery vulnerability in the service registration endpoint...

6.3CVSS5.4AI score0.00172EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 12:45 p.m.11 views

EUVD-2026-35057

A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passswordreset.php of the component Password Reset Handler. Such manipulation of the argument newpassword with the input...

6.9CVSS5.6AI score0.00276EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 12:30 p.m.11 views

EUVD-2026-35056

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 12:15 p.m.10 views

EUVD-2026-35055

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 12:7 p.m.11 views

EUVD-2026-35054

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:6 p.m.12 views

EUVD-2026-35053

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

8.5CVSS5.2AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:6 p.m.13 views

EUVD-2026-35052

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:6 p.m.12 views

EUVD-2026-35051

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:5 p.m.10 views

EUVD-2026-35061

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

8.5CVSS5.2AI score0.00136EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:0 p.m.13 views

EUVD-2026-35060

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

5.3CVSS3.8AI score0.00273EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 11:45 a.m.11 views

EUVD-2026-35059

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

5.1CVSS5.3AI score0.00191EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/08 11:44 a.m.13 views

EUVD-2026-35058

A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/realm/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions FGAP and escalate their privileges to a full realm administrator by importin...

7.2CVSS5.5AI score0.00329EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 11:30 a.m.14 views

EUVD-2026-35050

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 11:23 a.m.12 views

EUVD-2026-35049

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 11:15 a.m.13 views

EUVD-2026-35048

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/searchstaffforupdation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 11:7 a.m.15 views

EUVD-2026-35047

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.70099EPSS
Exploits5References1
EUVD
EUVD
added 2026/06/08 11:0 a.m.13 views

EUVD-2026-35046

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS5.8AI score0.04859EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 11:0 a.m.12 views

EUVD-2026-35045

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 10:54 a.m.12 views

EUVD-2026-35044

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS5.2AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 10:45 a.m.12 views

EUVD-2026-35043

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/deleteleavetype.php. The manipulation of the argument leavetype results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

6.5CVSS6.4AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 10:30 a.m.10 views

EUVD-2026-35042

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

6.5CVSS6.4AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 10:22 a.m.12 views

EUVD-2026-35041

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5CVSS5.4AI score0.00723EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 10:15 a.m.14 views

EUVD-2026-35040

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

5CVSS5.2AI score0.00197EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 10:0 a.m.12 views

EUVD-2026-35039

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer...

9CVSS8.4AI score0.00466EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 9:45 a.m.11 views

EUVD-2026-35038

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...

9CVSS6.2AI score0.00466EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 9:30 a.m.13 views

EUVD-2026-35037

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/08 9:28 a.m.14 views

EUVD-2026-35036

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 9:15 a.m.12 views

EUVD-2026-35035

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

7.5CVSS5.4AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 9:0 a.m.13 views

EUVD-2026-35034

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.6AI score0.00281EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 7:34 a.m.11 views

EUVD-2026-35033

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS5.4AI score0.02669EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 7:7 a.m.13 views

EUVD-2026-35032

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 7:6 a.m.14 views

EUVD-2026-35031

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00399EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 7:5 a.m.12 views

EUVD-2026-35030

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00302EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 7:0 a.m.15 views

EUVD-2026-35029

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote...

10CVSS8.5AI score0.06561EPSS
Exploits3References6
EUVD
EUVD
added 2026/06/08 6:45 a.m.12 views

EUVD-2026-35028

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

9CVSS8.3AI score0.03799EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 6:30 a.m.13 views

EUVD-2026-35027

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has bee...

6.9CVSS5.4AI score0.00432EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 6:15 a.m.14 views

EUVD-2026-35026

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/addstock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 6:0 a.m.13 views

EUVD-2026-35025

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly...

5.3CVSS5.1AI score0.00215EPSS
Exploits0References6
Total number of security vulnerabilities419059