Lucene search
K

417709 matches found

EUVD
EUVD
•added 2026/06/25 1:42 p.m.•4 views

EUVD-2026-39353

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:41 p.m.•5 views

EUVD-2026-39407

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:40 p.m.•4 views

EUVD-2026-39406

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:39 p.m.•3 views

EUVD-2026-39405

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:38 p.m.•4 views

EUVD-2026-39404

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:37 p.m.•4 views

EUVD-2026-39403

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:36 p.m.•7 views

EUVD-2026-39402

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

6.7CVSS5.9AI score0.00075EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:36 p.m.•5 views

EUVD-2026-39401

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:35 p.m.•4 views

EUVD-2026-39400

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:34 p.m.•4 views

EUVD-2026-39399

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:34 p.m.•6 views

EUVD-2026-39398

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:34 p.m.•5 views

EUVD-2026-39397

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS6AI score0.00377EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 1:32 p.m.•3 views

EUVD-2026-39396

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:28 p.m.•37 views

EUVD-2026-39395

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

9.8CVSS6AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:27 p.m.•4 views

EUVD-2026-39394

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 1:26 p.m.•5 views

EUVD-2026-39393

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:25 p.m.•3 views

EUVD-2026-39392

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...

7.5CVSS5.9AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:23 p.m.•4 views

EUVD-2026-39391

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

7.2CVSS6AI score0.00548EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:17 p.m.•5 views

EUVD-2026-39390

Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:17 p.m.•4 views

EUVD-2026-39389

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:16 p.m.•7 views

EUVD-2026-39388

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:16 p.m.•5 views

EUVD-2026-39387

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...

8.1CVSS5.8AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•3 views

EUVD-2026-39386

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7CVSS5.8AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•4 views

EUVD-2026-39384

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•7 views

EUVD-2026-39385

Contributor Broken Access Control in Slim SEO = 4.6.2 versions...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39383

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•4 views

EUVD-2026-39381

Unauthenticated Cross Site Scripting XSS in TablePress = 3.3.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39382

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39380

Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•4 views

EUVD-2026-39379

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•4 views

EUVD-2026-39378

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

5.4CVSS5.9AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39377

Unauthenticated Cross Site Scripting XSS in Master Slider = 3.11.2 versions...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39376

Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...

6.5CVSS5.8AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•4 views

EUVD-2026-39375

Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39374

Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•4 views

EUVD-2026-39373

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•7 views

EUVD-2026-39372

Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•8 views

EUVD-2026-39371

Unauthenticated Broken Access Control in CheckView Automated Testing = 2.1.0 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•4 views

EUVD-2026-39370

Unauthenticated SQL Injection in MDTF = 1.3.7 versions...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•4 views

EUVD-2026-39369

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•4 views

EUVD-2026-39368

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS5.9AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39367

Unauthenticated Broken Access Control in Five Star Restaurant Reservations = 2.7.19 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•7 views

EUVD-2026-39366

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39365

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•6 views

EUVD-2026-39363

Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...

7.4CVSS5.8AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•7 views

EUVD-2026-39364

Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...

8.5CVSS5.9AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39362

Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:12 p.m.•5 views

EUVD-2026-39361

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:1 p.m.•4 views

EUVD-2026-39360

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...

5.9CVSS5.8AI score0.00352EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 1:1 p.m.•4 views

EUVD-2026-39359

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...

5.3CVSS5.8AI score0.00213EPSS
Exploits0References1
Total number of security vulnerabilities417709