412555 matches found
EUVD-2026-34232
Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3...
EUVD-2026-34231
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...
EUVD-2026-34230
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
EUVD-2026-34229
The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...
EUVD-2026-34228
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...
EUVD-2026-34227
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
EUVD-2026-34226
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...
EUVD-2026-34225
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...
EUVD-2026-34224
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service...
EUVD-2026-34223
Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...
EUVD-2026-34222
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...
EUVD-2026-34221
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
EUVD-2026-34220
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...
EUVD-2026-34219
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
EUVD-2026-34218
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...
EUVD-2026-34217
System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...
EUVD-2026-34216
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...
EUVD-2026-34215
Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...
EUVD-2026-34214
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...
EUVD-2026-34213
The debugging routine SCREENCLICK5053 enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface...
EUVD-2026-34212
Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...
EUVD-2026-34211
The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...
EUVD-2026-34210
The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...
EUVD-2026-34209
The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...
EUVD-2026-34208
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...
EUVD-2026-34207
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...
EUVD-2026-34206
libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...
EUVD-2026-34205
The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...
EUVD-2026-34204
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
EUVD-2026-34200
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
EUVD-2026-34199
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...
EUVD-2026-34198
ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...
EUVD-2026-34197
PackagePersister.validatetgz builds "tar -tf tgz 2&1" where tgz = File.joinreleasedir, 'packages', "name.tgz" and name = packagemeta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...
EUVD-2026-34196
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...
EUVD-2026-34195
Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...
EUVD-2026-34194
HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...
EUVD-2026-34193
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...
EUVD-2026-34192
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...
EUVD-2026-34191
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
EUVD-2026-34190
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...
EUVD-2026-34181
OpenStack Ironic through 35.0.x allows Boot Script Injection...
EUVD-2026-34186
A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...
EUVD-2026-34183
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...
EUVD-2026-34185
A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function datahash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...
EUVD-2026-34184
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...
EUVD-2026-34182
A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...
EUVD-2026-34187
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...
EUVD-2026-34188
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
EUVD-2026-34189
An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service kernel oops/panic via a...
EUVD-2026-34203
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...