Lucene search
K

419428 matches found

EUVD
EUVD
added 2026/06/04 12:30 p.m.11 views

EUVD-2026-34253

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/changeprofileimage.php. Executing a manipulation of the argument prprofileimage can lead to unrestricted upload. The attack may be launched remotely. The...

6.5CVSS5.6AI score0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/04 12:15 p.m.10 views

EUVD-2026-34252

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/addpost.php. Performing a manipulation of the argument upfiletopost results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

6.5CVSS5.5AI score0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/04 12:14 p.m.14 views

EUVD-2025-210064

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable...

8.1CVSS5.7AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 12:13 p.m.11 views

EUVD-2026-34251

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 12:7 p.m.10 views

EUVD-2026-34250

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

8.7CVSS5.8AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 12:4 p.m.10 views

EUVD-2026-34249

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.7AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 12:4 p.m.11 views

EUVD-2026-34248

A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...

9.6CVSS5.8AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 12:4 p.m.11 views

EUVD-2025-210063

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

8.5CVSS5.8AI score0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 12:4 p.m.12 views

EUVD-2026-34247

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 12:0 p.m.24 views

EUVD-2026-34246

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a...

3.6CVSS5AI score0.00083EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/04 11:56 a.m.11 views

EUVD-2025-210062

HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...

4.3CVSS5.8AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 11:49 a.m.10 views

EUVD-2025-210061

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 11:45 a.m.12 views

EUVD-2026-34245

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS5.1AI score0.00103EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/04 11:42 a.m.10 views

EUVD-2025-210060

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting XSS attacks by enabling the built-in XSS filtering mechanisms of modern web browsers...

5.3CVSS5.6AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 11:41 a.m.10 views

EUVD-2025-210059

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

4.3CVSS5.9AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 11:40 a.m.10 views

EUVD-2025-210058

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters...

8.8CVSS5.6AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 11:15 a.m.11 views

EUVD-2026-34244

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...

5.3CVSS5.5AI score0.0031EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/04 11:14 a.m.12 views

EUVD-2026-34243

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

9.8CVSS5.9AI score0.00302EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 11:0 a.m.13 views

EUVD-2026-34242

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/04 10:49 a.m.12 views

EUVD-2026-34241

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:49 a.m.11 views

EUVD-2026-34240

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6CVSS5.8AI score0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:45 a.m.12 views

EUVD-2026-34239

A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hashfeatures of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high...

3.6CVSS5.2AI score0.00075EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/04 9:44 a.m.13 views

EUVD-2026-34238

Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635...

6.1CVSS5.8AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:43 a.m.12 views

EUVD-2026-34237

Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035...

6.1CVSS6AI score0.00105EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:43 a.m.13 views

EUVD-2026-34236

Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945...

6.1CVSS5.8AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:41 a.m.10 views

EUVD-2026-34235

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f...

6.1CVSS5.9AI score0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:40 a.m.11 views

EUVD-2026-34234

Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd...

6.1CVSS5.8AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:39 a.m.12 views

EUVD-2026-34233

Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd...

6.1CVSS5.8AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:38 a.m.11 views

EUVD-2026-34232

Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3...

6.1CVSS5.8AI score0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:34 a.m.10 views

EUVD-2026-34231

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...

6.9CVSS5.9AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:29 a.m.11 views

EUVD-2026-34230

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

8.8CVSS5.8AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:26 a.m.10 views

EUVD-2026-34229

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS5.8AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:20 a.m.10 views

EUVD-2026-34228

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...

9.3CVSS5.9AI score0.00167EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:49 a.m.11 views

EUVD-2026-34227

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6CVSS5.8AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:7 a.m.11 views

EUVD-2026-34226

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

7.2CVSS6.2AI score0.0037EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:39 a.m.11 views

EUVD-2026-34225

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

8.7CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:32 a.m.12 views

EUVD-2026-34224

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service...

7.1CVSS5.8AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:28 a.m.11 views

EUVD-2026-34223

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

9.8CVSS5.8AI score0.0029EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:22 a.m.10 views

EUVD-2026-34222

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:17 a.m.10 views

EUVD-2026-34221

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

9.3CVSS5.8AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:9 a.m.11 views

EUVD-2026-34220

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

9.4CVSS5.8AI score0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:4 a.m.10 views

EUVD-2026-34219

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

8.5CVSS5.8AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:46 a.m.11 views

EUVD-2026-34218

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:43 a.m.10 views

EUVD-2026-34217

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:35 a.m.11 views

EUVD-2026-34216

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:30 a.m.11 views

EUVD-2026-34215

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:25 a.m.10 views

EUVD-2026-34214

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

8.3CVSS5.8AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:21 a.m.11 views

EUVD-2026-34213

The debugging routine SCREENCLICK5053 enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface...

9.4CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:17 a.m.14 views

EUVD-2026-34212

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 5:43 a.m.13 views

EUVD-2026-34211

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
Total number of security vulnerabilities419428