Lucene search
K

417576 matches found

EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40871

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

7.5CVSS6AI score0.00202EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40870

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...

5.3CVSS6AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40869

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS7.4AI score0.1308EPSS
Exploits1References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40862

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00193EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40861

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

5.3CVSS5.8AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-40449

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-40453

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-40845

Storage Concentrator SC & SCVM contains a command injection vulnerability in the msservice.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a...

10CVSS6.2AI score0.03081EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40844

Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization,...

10CVSS6.2AI score0.03074EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-40454

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-40451

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentiall...

5.3CVSS5.8AI score0.0032EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-40452

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget...

9.8CVSS6.4AI score0.01683EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-40447

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory an...

1.9CVSS5.8AI score0.00123EPSS
Exploits1References4
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-40448

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service...

6.3CVSS5.8AI score0.00284EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-40450

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-40446

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash...

4.8CVSS5.8AI score0.00111EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40443

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

6.3CVSS5.8AI score0.00258EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-40437

Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40435

Capgo before 12.128.2 contains unauthenticated security definer RPC functions getuserid and getorgpermforapikey that expose API key validity oracles and user UUID disclosure. Unauthenticated attackers using the public API key can validate leaked keys, enumerate users and apps, and determine...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-40441

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers can bypass backend validation by directly updating the public.orgs table from the browser,...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40439

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40440

Capgo before 12.128.2 contains improper error handling in the /private/acceptinvitation endpoint that returns HTTP 500 instead of safe 4xx errors when magicinvitestring is invalid. Attackers can trigger this vulnerability using only the public key by submitting malformed magicinvitestring values ...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40442

Capgo before 12.128.2 lacks an UPDATE row-level security policy for the buildrequests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving buildreques...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40432

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard on its text-to-speech TTS generation endpoint packages/server/src/controllers/text-to-speech/index.ts, independent of the server's configured CORS policy. This bypasses the server's otherwise restrictive default CORS...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40430

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.createchannel permission can exploit a logic mismatch between existence validation and...

7.6CVSS5.8AI score0.00257EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40438

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.inviteusertoorg RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable AP...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40434

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, resulting in...

8.1CVSS5.8AI score0.00353EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40433

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses a weak hardcoded default secret 'flowise' for the express-session middleware when the EXPRESSSESSIONSECRET environment variable is not set packages/server/src/enterprise/middleware/passport/index.ts. Because this default secret is...

9.3CVSS5.8AI score0.00379EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40445

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations...

4.8CVSS6AI score0.00128EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-40436

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-40444

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

5.4CVSS5.6AI score0.00177EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40457

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS5.6AI score0.00222EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40827

Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40828

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40830

Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40841

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40840

Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40831

Incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00136EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40832

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40836

Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00316EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40842

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40826

Inappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00163EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40829

Inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00173EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40837

Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00152EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40834

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6AI score0.00145EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40835

Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40833

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00264EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40838

Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0022EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40843

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.002EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40431

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /executejs endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary...

9.2CVSS6.2AI score0.00521EPSS
Exploits0References4
Total number of security vulnerabilities417576