Lucene search
K

417732 matches found

EUVD
EUVD
added 2026/06/25 2:39 p.m.5 views

EUVD-2026-39429

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

5.9CVSS5.9AI score0.00093EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:34 p.m.5 views

EUVD-2026-39428

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:33 p.m.5 views

EUVD-2026-39427

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS5.8AI score0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:32 p.m.6 views

EUVD-2026-39426

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

6.3CVSS5.9AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:32 p.m.4 views

EUVD-2026-39425

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:32 p.m.5 views

EUVD-2026-39424

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could...

6.3CVSS5.9AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:31 p.m.6 views

EUVD-2026-39423

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS5.8AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:31 p.m.5 views

EUVD-2026-39422

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

6.3CVSS5.9AI score0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:30 p.m.5 views

EUVD-2026-39421

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:29 p.m.6 views

EUVD-2026-39420

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS5.9AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:29 p.m.5 views

EUVD-2026-39419

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...

6.3CVSS5.9AI score0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:26 p.m.5 views

EUVD-2026-39418

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS5.9AI score0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:11 p.m.7 views

EUVD-2026-39417

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

6.9CVSS5.9AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:11 p.m.6 views

EUVD-2026-39416

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:8 p.m.5 views

EUVD-2026-39415

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:7 p.m.4 views

EUVD-2026-39414

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:3 p.m.3 views

EUVD-2026-39413

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:53 p.m.5 views

EUVD-2026-39412

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2CVSS5.8AI score0.0033EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:49 p.m.5 views

EUVD-2026-39411

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...

5.3CVSS5.8AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:48 p.m.4 views

EUVD-2026-39410

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

7.8CVSS5.9AI score0.00693EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:47 p.m.4 views

EUVD-2026-39408

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:47 p.m.5 views

EUVD-2026-39409

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6CVSS5.9AI score0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:43 p.m.8 views

EUVD-2026-39355

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.3CVSS5.9AI score0.00064EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:43 p.m.4 views

EUVD-2026-39354

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:42 p.m.4 views

EUVD-2026-39353

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:41 p.m.5 views

EUVD-2026-39407

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:40 p.m.5 views

EUVD-2026-39406

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:39 p.m.3 views

EUVD-2026-39405

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:38 p.m.4 views

EUVD-2026-39404

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:37 p.m.4 views

EUVD-2026-39403

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:36 p.m.7 views

EUVD-2026-39402

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

6.7CVSS5.9AI score0.00075EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:36 p.m.5 views

EUVD-2026-39401

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:35 p.m.4 views

EUVD-2026-39400

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:34 p.m.4 views

EUVD-2026-39399

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:34 p.m.6 views

EUVD-2026-39398

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:34 p.m.5 views

EUVD-2026-39397

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS6AI score0.00377EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 1:32 p.m.3 views

EUVD-2026-39396

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:28 p.m.37 views

EUVD-2026-39395

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

9.8CVSS6AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:27 p.m.4 views

EUVD-2026-39394

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:26 p.m.5 views

EUVD-2026-39393

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:25 p.m.3 views

EUVD-2026-39392

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...

7.5CVSS5.9AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:23 p.m.4 views

EUVD-2026-39391

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

7.2CVSS6AI score0.00548EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:17 p.m.5 views

EUVD-2026-39390

Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:17 p.m.4 views

EUVD-2026-39389

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:16 p.m.7 views

EUVD-2026-39388

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:16 p.m.5 views

EUVD-2026-39387

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...

8.1CVSS5.8AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.3 views

EUVD-2026-39386

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7CVSS5.8AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.4 views

EUVD-2026-39384

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.7 views

EUVD-2026-39385

Contributor Broken Access Control in Slim SEO = 4.6.2 versions...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39383

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References1
Total number of security vulnerabilities417732