Lucene search
K

417623 matches found

EUVD
EUVD
added 2026/06/26 11:3 p.m.12 views

EUVD-2026-36598

Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwtsecretkey...

9.1CVSS5.8AI score0.00451EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 11:2 p.m.8 views

EUVD-2026-36600

Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 11:0 p.m.12 views

EUVD-2026-36599

Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing...

6.5CVSS5.8AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 10:59 p.m.7 views

EUVD-2026-39492

pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...

7.3CVSS5.8AI score0.0027EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 10:59 p.m.6 views

EUVD-2026-39495

pnpm binds unscoped user-level npm auth credentials to a repository-selected registry...

6.9CVSS5.8AI score0.00254EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 10:55 p.m.7 views

EUVD-2026-39494

pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement...

8.8CVSS5.8AI score0.00326EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 10:53 p.m.7 views

EUVD-2026-39490

pnpm: Git Fetch Argument Injection via Lockfile resolution.commit...

6.4CVSS5.8AI score0.0018EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 10:53 p.m.9 views

EUVD-2026-39488

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 10:52 p.m.6 views

EUVD-2026-39489

pnpm: Unsafe default behavior breaks integrity check...

6.8CVSS5.8AI score0.00113EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 10:32 p.m.9 views

EUVD-2026-38083

Authelia has an Edge Case Access Control Rule Mismatch...

2.3CVSS5.8AI score0.00283EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 10:29 p.m.10 views

EUVD-2026-38069

YARD static cache reads raw traversal paths before router sanitization...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 10:23 p.m.8 views

EUVD-2026-38061

@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter...

6.9CVSS5.8AI score0.0065EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 10:21 p.m.8 views

EUVD-2026-38060

js-toml vulnerable to CPU exhaustion via On^2 BigInt construction on radix-prefixed integer literals...

7.5CVSS5.8AI score0.00415EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/26 10:15 p.m.9 views

EUVD-2026-38057

Statamic CMS's unsafe method invocation via collection sorting allows data destruction...

7.4CVSS5.8AI score0.0027EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 10:12 p.m.8 views

EUVD-2026-38059

Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 10:11 p.m.8 views

EUVD-2026-38054

PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 10:10 p.m.10 views

EUVD-2026-38036

PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles...

3CVSS5.9AI score0.00112EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 10:10 p.m.8 views

EUVD-2026-38053

PhpWeasyPrint vulnerable to PHAR deserialization via output filename CVE-2023-28115 case-insensitive bypass...

9.8CVSS7.3AI score0.0276EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 10:1 p.m.15 views

EUVD-2026-31691

Hackney vulnerable to atom-table exhaustion via unrecognized URL schemes...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 10:0 p.m.17 views

EUVD-2026-31694

Hackney has unbounded buffer accumulation in WebSocket...

8.7CVSS5.9AI score0.00825EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 9:59 p.m.14 views

EUVD-2026-31690

Hackney has CRLF / header injection in WebSocket upgrade request...

7.5CVSS5.8AI score0.00506EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 9:58 p.m.15 views

EUVD-2026-31687

Hackney has CR/LF injection in query parameter...

7.5CVSS5.8AI score0.00421EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 9:57 p.m.17 views

EUVD-2026-32861

Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 9:56 p.m.14 views

EUVD-2026-31692

Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body...

6.1CVSS5.8AI score0.00348EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 9:54 p.m.13 views

EUVD-2026-31689

Hackney has SSRF allowlist bypass in hackneyurl:normalize/2 via percent-encoded host...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 9:54 p.m.13 views

EUVD-2026-31683

Hackney has CRLF / header injection via unvalidated domain and path options...

5.3CVSS5.8AI score0.00374EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 9:53 p.m.12 views

EUVD-2026-31685

Hackney: ssl:connect/2 post-handshake upgrade has no timeout...

8.2CVSS5.8AI score0.00703EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 9:53 p.m.15 views

EUVD-2026-31686

Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 9:50 p.m.10 views

EUVD-2026-38016

Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication...

8.8CVSS5.8AI score0.00323EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 9:49 p.m.6 views

EUVD-2026-39497

pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile...

7.5CVSS5.8AI score0.00116EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 9:48 p.m.22 views

EUVD-2026-31658

Cargo crates in third party registries can override the cached source of other crates...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 9:47 p.m.13 views

EUVD-2026-31654

Cargo can be coerced to share credentials between registries...

6.5CVSS7.1AI score0.00328EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 9:46 p.m.8 views

EUVD-2026-38048

php-weasyprint: shell command injection via configurable WeasyPrint binary path due to inverted isexecutable guard mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 9:5 p.m.9 views

EUVD-2026-37951

mcp-pinot: Unauthenticated tool invocation via default oauthenabled=False + host 0.0.0.0 bind...

10CVSS5.8AI score0.00498EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 9:5 p.m.11 views

EUVD-2026-37950

Relyra SAML SignatureValue not cryptographically verified - authentication bypass...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 9:4 p.m.9 views

EUVD-2026-38058

mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call...

8.1CVSS5.8AI score0.00264EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 9:3 p.m.11 views

EUVD-2026-37943

deepstream is vulnerable to prototype pollution...

9.9CVSS5.8AI score0.0027EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 9:0 p.m.13 views

EUVD-2026-37807

CakePHP: View::element is missing a path containment check...

6.3CVSS5.8AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 8:59 p.m.11 views

EUVD-2026-37805

joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 8:58 p.m.8 views

EUVD-2026-39922

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath.endsWith"/configs" to whitelist the public configuration endpoint from Basic Auth. Because the check is a suffix match rather than an exact path match...

10CVSS6.4AI score0.00684EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/26 8:57 p.m.8 views

EUVD-2026-39921

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard onl...

7.7CVSS6AI score0.00386EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 8:55 p.m.12 views

EUVD-2026-37798

PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 8:55 p.m.8 views

EUVD-2026-39920

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...

7.7CVSS6AI score0.00386EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 8:54 p.m.6 views

EUVD-2026-39919

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

10CVSS5.8AI score0.00472EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/26 8:52 p.m.7 views

EUVD-2026-39918

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint GET /api/v1/tenant/executions/executionId/file/preview contains an access control bypass that allows any authenticated user to read output files from any other executio...

6.5CVSS5.9AI score0.00263EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 8:50 p.m.6 views

EUVD-2026-39917

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7CVSS5.8AI score0.00158EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 8:45 p.m.8 views

EUVD-2026-39916

Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the interna...

8.2CVSS6AI score0.00461EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 8:44 p.m.8 views

EUVD-2026-39915

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...

8.5CVSS5.8AI score0.00202EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 8:44 p.m.7 views

EUVD-2026-39914

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...

10CVSS5.8AI score0.00538EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 8:41 p.m.7 views

EUVD-2026-39913

Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...

8.2CVSS5.8AI score0.00415EPSS
Exploits1References1
Total number of security vulnerabilities417623