Lucene search
K

419084 matches found

EUVD
EUVD
•added 2026/06/08 11:23 a.m.•12 views

EUVD-2026-35049

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 11:15 a.m.•13 views

EUVD-2026-35048

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/searchstaffforupdation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/08 11:7 a.m.•15 views

EUVD-2026-35047

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.70099EPSS
Exploits5References1
EUVD
EUVD
•added 2026/06/08 11:0 a.m.•13 views

EUVD-2026-35046

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could all...

7.4CVSS5.8AI score0.04859EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/08 11:0 a.m.•12 views

EUVD-2026-35045

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 10:54 a.m.•12 views

EUVD-2026-35044

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS5.2AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/08 10:45 a.m.•12 views

EUVD-2026-35043

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/deleteleavetype.php. The manipulation of the argument leavetype results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

6.5CVSS6.4AI score0.002EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 10:30 a.m.•10 views

EUVD-2026-35042

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

6.5CVSS6.4AI score0.002EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 10:22 a.m.•12 views

EUVD-2026-35041

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5CVSS5.4AI score0.00723EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/08 10:15 a.m.•14 views

EUVD-2026-35040

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

5CVSS5.2AI score0.00197EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 10:0 a.m.•12 views

EUVD-2026-35039

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer...

9CVSS8.4AI score0.00466EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 9:45 a.m.•11 views

EUVD-2026-35038

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...

9CVSS6.2AI score0.00466EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 9:30 a.m.•13 views

EUVD-2026-35037

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.7AI score0.0025EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/08 9:28 a.m.•14 views

EUVD-2026-35036

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/08 9:15 a.m.•12 views

EUVD-2026-35035

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

7.5CVSS5.4AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 9:0 a.m.•13 views

EUVD-2026-35034

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.6AI score0.00281EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/08 7:34 a.m.•11 views

EUVD-2026-35033

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS5.4AI score0.02669EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/08 7:7 a.m.•13 views

EUVD-2026-35032

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/08 7:6 a.m.•14 views

EUVD-2026-35031

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00399EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/08 7:5 a.m.•12 views

EUVD-2026-35030

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00302EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/08 7:0 a.m.•15 views

EUVD-2026-35029

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote...

10CVSS8.5AI score0.06561EPSS
Exploits3References6
EUVD
EUVD
•added 2026/06/08 6:45 a.m.•12 views

EUVD-2026-35028

A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. Affected by this issue is the function aspvoipOtherSet of the file /boaform/voipotherset of the component Web Management Interface. Performing a manipulation of the argument funckeytransfer results in stack-based buffer overflow...

9CVSS8.3AI score0.03799EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 6:30 a.m.•14 views

EUVD-2026-35027

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has bee...

6.9CVSS5.4AI score0.00432EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 6:15 a.m.•14 views

EUVD-2026-35026

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/addstock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 6:0 a.m.•13 views

EUVD-2026-35025

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly...

5.3CVSS5.1AI score0.00215EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 5:45 a.m.•13 views

EUVD-2026-35024

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etcro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level ...

5CVSS5AI score0.00224EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 5:30 a.m.•14 views

EUVD-2026-35023

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...

5.3CVSS5.1AI score0.00511EPSS
Exploits1References6
EUVD
EUVD
•added 2026/06/08 5:15 a.m.•12 views

EUVD-2026-35022

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS3.6AI score0.00223EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 5:0 a.m.•15 views

EUVD-2026-35021

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

7.5CVSS7AI score0.0029EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 4:45 a.m.•14 views

EUVD-2026-35020

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

7.5CVSS6.9AI score0.00275EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 4:30 a.m.•16 views

EUVD-2026-35019

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

7.5CVSS6.9AI score0.00275EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 4:15 a.m.•14 views

EUVD-2026-35018

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...

5.3CVSS5.5AI score0.00923EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/08 4:0 a.m.•13 views

EUVD-2026-35017

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation of the argument sy results in sql injection. Remote exploitation of the attack is possible. The...

7.5CVSS7.1AI score0.00275EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 3:45 a.m.•16 views

EUVD-2026-35016

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly...

7.5CVSS7AI score0.00275EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 3:30 a.m.•15 views

EUVD-2026-35015

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS7AI score0.00275EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 3:15 a.m.•12 views

EUVD-2026-35014

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in sql injection. The attack can be launched remotely. The exploit has been released to the public a...

7.5CVSS7AI score0.00275EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 3:0 a.m.•18 views

EUVD-2026-35013

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

7.5CVSS7.1AI score0.0029EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 2:45 a.m.•15 views

EUVD-2026-35012

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument contenthash can lead to use of weak hash. T...

2.5CVSS4.6AI score0.00082EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/08 2:30 a.m.•16 views

EUVD-2026-35011

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS6.2AI score0.002EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/08 2:15 a.m.•15 views

EUVD-2026-35010

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex...

4.2CVSS4.7AI score0.0016EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/08 2:0 a.m.•15 views

EUVD-2026-35009

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS4.9AI score0.00113EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/08 1:55 a.m.•12 views

EUVD-2024-55615

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them...

9.8CVSS6.5AI score0.00674EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/08 1:55 a.m.•12 views

EUVD-2024-55614

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

9.8CVSS6.7AI score0.00838EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/08 1:55 a.m.•16 views

EUVD-2023-60583

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

9.8CVSS6.7AI score0.00613EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/08 1:55 a.m.•22 views

EUVD-2023-60582

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...

7.2CVSS5.2AI score0.00184EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/08 1:55 a.m.•17 views

EUVD-2023-60581

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

8.7CVSS6.7AI score0.00532EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/08 1:55 a.m.•10 views

EUVD-2022-56000

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS5.6AI score0.00342EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/08 1:55 a.m.•11 views

EUVD-2021-34850

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

6.4CVSS5.3AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/08 1:55 a.m.•12 views

EUVD-2021-34849

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

6.4CVSS5.6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/08 1:55 a.m.•13 views

EUVD-2021-34848

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

6.4CVSS5.2AI score0.00187EPSS
Exploits0References3
Total number of security vulnerabilities419084