Lucene search
K

417634 matches found

EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40402

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40401

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...

8.2CVSS5.8AI score0.00272EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40400

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery SSRF. The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker c...

8.2CVSS5.8AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40399

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40398

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

4.3CVSS5.8AI score0.00474EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•7 views

EUVD-2026-40397

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-40396

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-40395

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...

8.5CVSS5.8AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-40394

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...

7.2CVSS5.9AI score0.00472EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40393

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-40392

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-40391

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

6.5CVSS5.7AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40390

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS5.8AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40389

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.6CVSS5.8AI score0.00406EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40388

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5CVSS6.2AI score0.00303EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-40387

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

7.5CVSS6.1AI score0.00283EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40386

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.stringtoobject on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...

6CVSS6.4AI score0.03415EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-40385

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...

4.7CVSS5.9AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40384

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.1CVSS5.8AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-40383

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields...

9.8CVSS6.4AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40382

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•7 views

EUVD-2026-40381

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement...

9.9CVSS6AI score0.00294EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40380

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS5.8AI score0.00164EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40379

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•7 views

EUVD-2026-40378

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...

3.5CVSS5.8AI score0.00241EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2025-31200

Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule...

7.8CVSS6.3AI score0.00196EPSS
Exploits1References8
EUVD
EUVD
•added 6 days ago•4 views

EUVD-2026-9141

Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence...

6.5CVSS5.8AI score0.00394EPSS
Exploits1References9
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-7561

Open Babel has NULL pointer dereference in MOL2 OBAtom::SetFormalCharge...

8.1CVSS6.1AI score0.007EPSS
Exploits1References9
EUVD
EUVD
•added 6 days ago•5 views

EUVD-2026-7428

Open Babel has an out-of-bounds read in CIF transform3d::DescribeAsString...

8.1CVSS5.8AI score0.00759EPSS
Exploits1References13
EUVD
EUVD
•added 6 days ago•7 views

EUVD-2026-40377

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8CVSS6.6AI score0.00938EPSS
Exploits1References5
EUVD
EUVD
•added 6 days ago•12 views

EUVD-2026-31975

obanweb missing authorization check on save-job event handler...

5.3CVSS5.8AI score0.0041EPSS
Exploits0References5
EUVD
EUVD
•added 6 days ago•15 views

EUVD-2026-31974

obanweb: Unbounded range expansion in cron describe causes memory exhaustion...

5.9CVSS5.8AI score0.00341EPSS
Exploits0References6
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40376

The Webmention plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.8.0 via parser-derived 'avatar' and 'url' author metadata. This is due to insufficient input sanitization and output escaping on user-supplied MF2 author properties processed by the...

7.2CVSS5.9AI score0.00236EPSS
Exploits0References4
EUVD
EUVD
•added 6 days ago•16 views

EUVD-2026-36102

Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation...

9.9CVSS5.8AI score0.0029EPSS
Exploits0References5
EUVD
EUVD
•added 6 days ago•12 views

EUVD-2026-36101

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References5
EUVD
EUVD
•added 6 days ago•10 views

EUVD-2026-36100

Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References5
EUVD
EUVD
•added 6 days ago•13 views

EUVD-2026-36099

Fission Container Executor Function PodSpec Injection Leading to Node Escape...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References5
EUVD
EUVD
•added 6 days ago•11 views

EUVD-2026-36098

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover...

9.9CVSS5.8AI score0.003EPSS
Exploits0References7
EUVD
EUVD
•added 6 days ago•11 views

EUVD-2026-36097

Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References5
EUVD
EUVD
•added 6 days ago•9 views

EUVD-2026-36096

Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References5
EUVD
EUVD
•added 6 days ago•12 views

EUVD-2026-36095

Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance...

7.7CVSS5.8AI score0.00231EPSS
Exploits0References5
EUVD
EUVD
•added 6 days ago•9 views

EUVD-2026-36094

Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration...

7.7CVSS5.9AI score0.00231EPSS
Exploits0References5
EUVD
EUVD
•added 6 days ago•4 views

EUVD-2023-50377

RabbitMQ vulnerable to Denial of Service by publishing large messages over the HTTP API...

4.9CVSS6.2AI score0.01077EPSS
Exploits0References4
EUVD
EUVD
•added 6 days ago•7 views

EUVD-2026-40370

The asynchronous SNTP client in Zephyr subsys/net/lib/sntp/sntp.c, sntpcloseasync closed the UDP socket file descriptor directly from the calling thread immediately after detaching it from the network socket service, without synchronizing with the socket-service poll thread. The socket service...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
•added 6 days ago•7 views

EUVD-2026-40369

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...

3.1CVSS5.8AI score0.00124EPSS
Exploits0References2
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40368

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
•added 6 days ago•8 views

EUVD-2026-40367

The Zephyr netbuf library lib/netbuf/buf.c manipulated both of its reference counts -- the per-header buf-ref and the per-data-block refcount at the start of each variable/heap data allocation -- with plain non-atomic C operators buf-ref++, if --buf-ref 0, if --refcount. The API is documented as...

6.4CVSS6AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
•added 6 days ago•8 views

EUVD-2022-52713

RabbitMQ has predictable credential obfuscation seed value used in Shovel and Federation plugins...

7.5CVSS7.1AI score0.00307EPSS
Exploits0References4
EUVD
EUVD
•added 6 days ago•6 views

EUVD-2026-40366

The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...

6.5CVSS6AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
•added 6 days ago•7 views

EUVD-2026-40365

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause proce...

7.5CVSS5.8AI score0.00695EPSS
Exploits0References1
Total number of security vulnerabilities417634