Lucene search
K

417703 matches found

EUVD
EUVD
added 2026/06/25 5:46 p.m.4 views

EUVD-2026-39508

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS5.8AI score0.00337EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:43 p.m.5 views

EUVD-2026-39507

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths agains...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:41 p.m.5 views

EUVD-2026-39506

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after...

6.5CVSS5.9AI score0.00484EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:40 p.m.6 views

EUVD-2026-39505

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:39 p.m.5 views

EUVD-2026-39504

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS6AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:37 p.m.3 views

EUVD-2026-39503

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

7.5CVSS5.7AI score0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:35 p.m.5 views

EUVD-2026-39502

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

8.4CVSS6AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:32 p.m.4 views

EUVD-2026-39539

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...

8.2CVSS6AI score0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:29 p.m.5 views

EUVD-2026-39538

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...

10CVSS5.8AI score0.00373EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:28 p.m.7 views

EUVD-2026-37005

i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string...

9.1CVSS5.8AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:28 p.m.8 views

EUVD-2026-37006

i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names...

9.1CVSS5.8AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:22 p.m.5 views

EUVD-2026-39501

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...

6.8CVSS5.9AI score0.00111EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 5:17 p.m.4 views

EUVD-2026-39500

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS5.8AI score0.00165EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 5:16 p.m.5 views

EUVD-2026-39499

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

6.9CVSS6AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:56 p.m.5 views

EUVD-2026-39496

X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...

8.2CVSS5.9AI score0.00145EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:53 p.m.6 views

EUVD-2026-39493

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2CVSS5.8AI score0.00114EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:51 p.m.6 views

EUVD-2026-39491

wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

8.2CVSS5.8AI score0.00095EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:46 p.m.7 views

EUVD-2026-39486

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...

6CVSS5.9AI score0.00121EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:41 p.m.6 views

EUVD-2026-39482

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS5.9AI score0.00152EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:35 p.m.5 views

EUVD-2026-39480

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS6AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:27 p.m.4 views

EUVD-2026-39479

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:27 p.m.5 views

EUVD-2026-39478

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer allocated from a memory...

7.5CVSS6AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:26 p.m.13 views

EUVD-2026-39477

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

7CVSS6AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:17 p.m.6 views

EUVD-2026-39476

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:17 p.m.4 views

EUVD-2026-39475

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:17 p.m.5 views

EUVD-2026-39474

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:16 p.m.5 views

EUVD-2026-39473

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 4:16 p.m.5 views

EUVD-2026-39472

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

7.7CVSS5.8AI score0.00288EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 4:16 p.m.4 views

EUVD-2026-39471

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 4:8 p.m.4 views

EUVD-2026-39470

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS5.9AI score0.00126EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:7 p.m.5 views

EUVD-2026-39469

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:5 p.m.4 views

EUVD-2026-39468

Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:3 p.m.5 views

EUVD-2026-39467

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS6.1AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:59 p.m.5 views

EUVD-2026-39466

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:57 p.m.4 views

EUVD-2026-39465

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:54 p.m.7 views

EUVD-2026-39464

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...

7.5CVSS5.9AI score0.00761EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/25 3:53 p.m.5 views

EUVD-2026-39463

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

5.4CVSS6AI score0.0014EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:52 p.m.6 views

EUVD-2026-39462

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's toolresources e.g., context, executecode without verifying ownership or EDIT permission on the target...

6.5CVSS6AI score0.00189EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:51 p.m.5 views

EUVD-2026-39461

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...

5.3CVSS5.9AI score0.00159EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:50 p.m.5 views

EUVD-2026-39460

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:50 p.m.4 views

EUVD-2026-39459

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...

8.1CVSS6AI score0.00567EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:49 p.m.5 views

EUVD-2026-39458

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:48 p.m.4 views

EUVD-2026-39457

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata RFC 9728 matches the configured MCP server URL, allowing a malicious MCP server to...

8CVSS5.9AI score0.00113EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:45 p.m.6 views

EUVD-2026-39456

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS6AI score0.0015EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:43 p.m.4 views

EUVD-2026-39455

socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read...

9.2CVSS6.2AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:39 p.m.5 views

EUVD-2026-39454

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:39 p.m.4 views

EUVD-2026-39453

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1...

6.7CVSS5.9AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:34 p.m.5 views

EUVD-2026-39452

Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

8.4CVSS5.8AI score0.00126EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 3:32 p.m.7 views

EUVD-2026-39451

Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 3:31 p.m.5 views

EUVD-2026-39450

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References3
Total number of security vulnerabilities417703