Lucene search
K

419346 matches found

EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2023-60580

On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication...

8.2CVSS5.8AI score0.00317EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:31 a.m.13 views

EUVD-2024-55612

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

9.6CVSS5.8AI score0.0443EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:31 a.m.8 views

EUVD-2024-55611

On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied...

6.9CVSS5.8AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:31 a.m.10 views

EUVD-2024-55613

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

9.6CVSS5.8AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34543

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.4AI score0.00303EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/05 12:31 a.m.9 views

EUVD-2026-34544

Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.0039EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34331

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

7.1CVSS5.8AI score0.00323EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 12:31 a.m.10 views

EUVD-2026-34542

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

6.5CVSS6.5AI score0.00303EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34339

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

8.6CVSS6.8AI score0.02635EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/05 12:31 a.m.12 views

EUVD-2026-34332

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...

8.6CVSS6.7AI score0.02199EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/05 12:31 a.m.12 views

EUVD-2024-55610

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN...

5.8AI score0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:30 a.m.13 views

EUVD-2026-34778

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/05 12:15 a.m.13 views

EUVD-2026-34777

In Mimecast Incydr before 2.6.0, arbitrary file access can occur...

4.5CVSS5.9AI score0.0009EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:12 a.m.12 views

EUVD-2026-34776

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

6CVSS5.6AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:0 a.m.10 views

EUVD-2026-34775

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...

8.8CVSS6.5AI score0.04236EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/05 12:0 a.m.10 views

EUVD-2026-34866

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

5.7AI score0.00686EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:0 a.m.11 views

EUVD-2020-31249

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

5.3CVSS5.5AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:0 a.m.15 views

EUVD-2026-34844

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

6.5CVSS5.5AI score0.00164EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 12:0 a.m.9 views

EUVD-2026-34867

An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...

5.5AI score0.00278EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:0 a.m.11 views

EUVD-2026-34845

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

5.7AI score0.00199EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/04 9:8 p.m.12 views

EUVD-2026-34330

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.8AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:0 p.m.11 views

EUVD-2026-34329

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

4.3CVSS5.7AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:57 p.m.10 views

EUVD-2026-34328

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:54 p.m.14 views

EUVD-2026-34327

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:48 p.m.14 views

EUVD-2026-34326

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:47 p.m.11 views

EUVD-2026-34325

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.8AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:31 p.m.12 views

EUVD-2026-34324

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

6.3CVSS6.2AI score0.0032EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/04 8:30 p.m.15 views

EUVD-2026-34323

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

8.6CVSS6.8AI score0.02199EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/04 7:54 p.m.12 views

EUVD-2026-34322

An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...

6.2AI score0.00218EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/04 7:44 p.m.11 views

EUVD-2026-34321

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS5.8AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 7:31 p.m.9 views

EUVD-2026-34320

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:28 p.m.14 views

EUVD-2026-34319

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:26 p.m.12 views

EUVD-2026-34318

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

8.2CVSS6AI score0.00433EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 6:47 p.m.11 views

EUVD-2026-33303

WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint...

7.1CVSS5.8AI score0.0012EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/04 6:46 p.m.16 views

EUVD-2026-33304

WWBN AVideo: Stored XSS via unescaped Gallery category description...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/04 6:1 p.m.11 views

EUVD-2026-32924

Hono: app.mount strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 6:0 p.m.13 views

EUVD-2026-32926

Hono: IP Restriction bypasses static deny rules for non-canonical IPv6...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 5:59 p.m.16 views

EUVD-2026-32925

Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection...

5.3CVSS5.8AI score0.00216EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 5:55 p.m.11 views

EUVD-2026-34316

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.8AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 5:52 p.m.12 views

EUVD-2026-34315

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

8.8CVSS5.9AI score0.00366EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 5:52 p.m.16 views

EUVD-2026-32927

Hono: JWT middleware accepts any Authorization scheme, not only Bearer...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 5:50 p.m.10 views

EUVD-2026-34314

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...

9.4CVSS5.9AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 5:49 p.m.16 views

EUVD-2026-31998

epa4all-client: Unauthenticated REST API for Patient Record Writes...

6.5CVSS5.8AI score0.00162EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 5:47 p.m.10 views

EUVD-2026-34313

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

8.8CVSS5.9AI score0.00544EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/04 5:43 p.m.11 views

EUVD-2026-34312

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...

5.3CVSS6.8AI score0.00338EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 5:39 p.m.10 views

EUVD-2025-210067

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

9.8CVSS5.9AI score0.00384EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/04 5:22 p.m.13 views

EUVD-2026-34307

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 5:20 p.m.13 views

EUVD-2026-34306

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS6.2AI score0.0013EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 5:19 p.m.11 views

EUVD-2026-34305

OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a val...

9.8CVSS5.9AI score0.00436EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 5:13 p.m.16 views

EUVD-2026-34304

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

9.8CVSS6.5AI score0.00729EPSS
Exploits0References2
Total number of security vulnerabilities419346