Lucene search
K

419066 matches found

EUVD
EUVD
added 2026/06/07 7:30 p.m.15 views

EUVD-2026-34991

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

7.5CVSS5.2AI score0.00311EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/07 12:8 p.m.14 views

EUVD-2026-34990

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value taken from the IPv6 fixed header's payload length field by the size of each IPv6 extension header without validating it, so...

8.7CVSS5.6AI score0.00542EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/07 8:15 a.m.12 views

EUVD-2026-34989

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been...

4.8CVSS4.8AI score0.00106EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/07 8:0 a.m.20 views

EUVD-2026-34988

A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/07 7:45 a.m.13 views

EUVD-2026-34987

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS6.8AI score0.00329EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/07 7:15 a.m.13 views

EUVD-2026-34986

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxfdumpsystable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly availab...

7.5CVSS7AI score0.0026EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/07 7:0 a.m.12 views

EUVD-2026-34985

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

5CVSS5.2AI score0.00936EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/07 3:45 a.m.13 views

EUVD-2026-34984

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5CVSS6.3AI score0.00193EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/07 3:15 a.m.14 views

EUVD-2026-34983

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS6.8AI score0.01681EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/07 3:0 a.m.12 views

EUVD-2026-34982

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS7.2AI score0.02027EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/07 2:30 a.m.11 views

EUVD-2026-34981

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS5.4AI score0.01572EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/07 2:15 a.m.12 views

EUVD-2026-34980

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS5.2AI score0.01102EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/07 2:0 a.m.12 views

EUVD-2026-34979

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/07 1:15 a.m.11 views

EUVD-2026-34978

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfobackend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released...

6.5CVSS5.1AI score0.01073EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/07 12:31 a.m.15 views

EUVD-2026-34977

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...

8.4CVSS5.4AI score0.00164EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/06 5:45 p.m.12 views

EUVD-2026-34976

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 5:30 p.m.10 views

EUVD-2026-34975

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 5:15 p.m.12 views

EUVD-2026-34974

A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from...

6.5CVSS5AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 5:0 p.m.12 views

EUVD-2026-34973

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

6.5CVSS5.1AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 4:30 p.m.11 views

EUVD-2026-34972

A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...

7.5CVSS5AI score0.00409EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 3:45 p.m.12 views

EUVD-2026-34971

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS4AI score0.00263EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 3:15 p.m.15 views

EUVD-2026-34970

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS7AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 2:15 p.m.14 views

EUVD-2026-34969

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS3.9AI score0.00275EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 12:45 p.m.19 views

EUVD-2026-34968

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS5.9AI score0.00481EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 11:0 a.m.14 views

EUVD-2026-34967

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 10:45 a.m.12 views

EUVD-2026-34966

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument displayname results in path traversal. The attack requires a local approach. The exploit has been...

4.8CVSS5AI score0.00171EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 10:30 a.m.14 views

EUVD-2026-34965

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS6.3AI score0.01114EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/06 9:31 a.m.6 views

EUVD-2025-26494

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01...

9.8CVSS5.4AI score0.00421EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/06 9:31 a.m.16 views

EUVD-2025-26378

Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01...

4.7CVSS5.4AI score0.00223EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/06 9:31 a.m.4 views

EUVD-2025-26342

Cross-Site Request Forgery CSRF vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12...

8.6CVSS5.4AI score0.00157EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/06 9:31 a.m.5 views

EUVD-2025-26341

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass. This issue affects QR Menu: from s1.05.07 before v1.05.12...

8.6CVSS5.4AI score0.00325EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/06 9:15 a.m.13 views

EUVD-2026-34963

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS6.2AI score0.0123EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 9:14 a.m.12 views

EUVD-2026-34964

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

5.7AI score0.00414EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/06 6:30 a.m.7 views

EUVD-2025-26493

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01...

8.6CVSS5.4AI score0.00325EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/06 6:30 a.m.12 views

EUVD-2025-26377

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass. This issue affects OctoCloud: from s1.09.03 before v1.11.01...

8.6CVSS5.4AI score0.00325EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/06 4:28 a.m.24 views

EUVD-2026-34962

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS5.8AI score0.00325EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/06 4:28 a.m.11 views

EUVD-2026-34961

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...

7.2CVSS5.4AI score0.00345EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 4:28 a.m.13 views

EUVD-2026-34960

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

5.3CVSS5.6AI score0.00261EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 3:28 a.m.13 views

EUVD-2026-34959

The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'locationmessages' parameter in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 3:28 a.m.13 views

EUVD-2026-34957

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via MappressApi::restapiinit, where the GET...

5.3CVSS5.5AI score0.00813EPSS
Exploits0References24
EUVD
EUVD
added 2026/06/06 3:28 a.m.13 views

EUVD-2026-34958

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/06 3:28 a.m.16 views

EUVD-2026-34956

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/06 2:28 a.m.16 views

EUVD-2026-34954

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...

5.3CVSS5.4AI score0.00202EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/06 2:28 a.m.15 views

EUVD-2026-34955

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS5.7AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34953

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS5.4AI score0.00315EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34950

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References14
EUVD
EUVD
added 2026/06/06 2:28 a.m.13 views

EUVD-2026-34951

The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34952

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

5.3CVSS5.5AI score0.00353EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/06 2:28 a.m.16 views

EUVD-2026-34948

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS6.3AI score0.00659EPSS
Exploits1References10
EUVD
EUVD
added 2026/06/06 2:28 a.m.15 views

EUVD-2026-34949

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References11
Total number of security vulnerabilities419066