Lucene search
K

417654 matches found

EUVD
EUVD
added 2026/06/25 7:51 p.m.7 views

EUVD-2026-38384

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:47 p.m.4 views

EUVD-2026-39551

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

5.9AI score0.00339EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 7:47 p.m.5 views

EUVD-2026-39550

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

5.8AI score0.00339EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 7:40 p.m.5 views

EUVD-2026-39549

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score0.00124EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:38 p.m.3 views

EUVD-2026-39548

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS5.9AI score0.00145EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:36 p.m.8 views

EUVD-2026-38385

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:36 p.m.5 views

EUVD-2026-39547

Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...

6.3CVSS5.8AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:35 p.m.5 views

EUVD-2026-39546

Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...

8.3CVSS6.3AI score0.00269EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:31 p.m.6 views

EUVD-2026-39545

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:30 p.m.6 views

EUVD-2026-39544

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS5.9AI score0.00118EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:9 p.m.3 views

EUVD-2026-39543

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

3.5CVSS6AI score0.00262EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/25 7:9 p.m.7 views

EUVD-2026-39542

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS6AI score0.00248EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/25 7:8 p.m.5 views

EUVD-2026-39541

Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...

7.1CVSS5.9AI score0.00354EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/25 6:55 p.m.4 views

EUVD-2026-39540

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

4.2CVSS5.8AI score0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:53 p.m.7 views

EUVD-2026-38386

MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths...

7.5CVSS5.8AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:52 p.m.6 views

EUVD-2026-38387

MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies...

9.1CVSS5.8AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:47 p.m.9 views

EUVD-2026-39537

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the workingdirectory parameter, which could...

9.3CVSS6.2AI score0.00637EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:47 p.m.6 views

EUVD-2026-39536

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path an...

9.3CVSS6.2AI score0.00638EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:46 p.m.8 views

EUVD-2026-38388

MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:45 p.m.7 views

EUVD-2026-38392

Filament: Multi-factor authentication app recovery codes can still be used multiple times via concurrent submission...

7.4CVSS5.8AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:41 p.m.5 views

EUVD-2026-39535

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

7.8CVSS5.9AI score0.00345EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/25 6:39 p.m.5 views

EUVD-2026-39534

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations AES encryption/decryption and hashing. DPA Countermeasures on SYMCRYPTO can be weakened reduced entropy by forcing certain seed values if an attacker gains code...

7.1CVSS6.3AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:36 p.m.4 views

EUVD-2026-39533

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:35 p.m.6 views

EUVD-2026-38389

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows...

8.2CVSS5.8AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:34 p.m.16 views

EUVD-2026-31483

amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:32 p.m.10 views

EUVD-2026-37289

LangGraph SDK has unsafe URL path construction...

4.2CVSS5.8AI score0.00216EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:25 p.m.6 views

EUVD-2026-37140

LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading...

6.8CVSS5.9AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:14 p.m.4 views

EUVD-2026-39532

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...

7.3CVSS6.2AI score0.00215EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:14 p.m.4 views

EUVD-2026-39531

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS6.2AI score0.00239EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/25 6:13 p.m.4 views

EUVD-2026-39530

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

4.8CVSS5.9AI score0.00119EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/25 6:12 p.m.6 views

EUVD-2026-39529

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...

6.9CVSS6.2AI score0.00325EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/25 6:11 p.m.4 views

EUVD-2026-39528

RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decodetype1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream c...

9.8CVSS6.7AI score0.00422EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/25 6:11 p.m.5 views

EUVD-2026-39527

MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...

6.4CVSS6AI score0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:10 p.m.4 views

EUVD-2026-39526

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:8 p.m.5 views

EUVD-2026-39525

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS6AI score0.00204EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:7 p.m.4 views

EUVD-2026-39524

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS6AI score0.00204EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:6 p.m.5 views

EUVD-2026-39523

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:5 p.m.4 views

EUVD-2026-39522

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS5.9AI score0.00409EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/25 6:5 p.m.6 views

EUVD-2026-39521

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

8.5CVSS6AI score0.00216EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:5 p.m.6 views

EUVD-2026-39520

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 6:4 p.m.5 views

EUVD-2026-39519

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS6.5AI score0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:3 p.m.5 views

EUVD-2026-39518

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6.1AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:3 p.m.7 views

EUVD-2026-39517

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:2 p.m.4 views

EUVD-2026-39516

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS6.2AI score0.00213EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:1 p.m.6 views

EUVD-2026-39515

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.00474EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:0 p.m.5 views

EUVD-2026-39514

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 5:57 p.m.5 views

EUVD-2026-39513

In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

8.4CVSS5.9AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:56 p.m.4 views

EUVD-2026-39512

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

5.8CVSS6AI score0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:51 p.m.6 views

EUVD-2026-39511

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured e.g. /bin/sh -c, the command allowlist can be bypassed through shell metacharacters. The allowlist...

8.7CVSS6AI score0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 5:49 p.m.5 views

EUVD-2026-39510

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...

9.3CVSS6.3AI score0.00533EPSS
Exploits0References1
Total number of security vulnerabilities417654