418325 matches found
EUVD-2025-210339
Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...
EUVD-2021-34853
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...
EUVD-2021-34852
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...
EUVD-2025-210337
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...
EUVD-2025-210336
Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...
EUVD-2026-39599
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...
EUVD-2026-39590
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
EUVD-2026-39589
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...
EUVD-2026-39588
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...
EUVD-2026-39587
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...
EUVD-2026-39586
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...
EUVD-2026-39585
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...
EUVD-2026-31398
golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement...
EUVD-2026-31399
golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status...
EUVD-2026-31400
golang.org/x/crypto/ssh vulnerable to infinite loop on large channel writes...
EUVD-2026-31395
golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed...
EUVD-2026-31396
golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS...
EUVD-2026-31397
golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses...
EUVD-2026-31392
golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS...
EUVD-2026-31393
golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow...
EUVD-2026-31394
golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions...
EUVD-2026-31388
golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic...
EUVD-2026-31390
golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys...
EUVD-2026-31389
golang.org/x/crypto/ssh/agent doesn't enforce invoking key constraints...
EUVD-2026-31402
golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...
EUVD-2026-36188
ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop...
EUVD-2026-36187
ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition...
EUVD-2026-36185
ImageMagick: Policy Bypass can read disallowed files via symlink...
EUVD-2026-36184
ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions...
EUVD-2026-36183
ImageMagick has a Heap Buffer Over-Write in MAT decoder on 32-bit systems...
EUVD-2026-36182
ImageMagick Vulnerable to Stack Overflow in its MVG Decoder...
EUVD-2026-36180
ImageMagick has an Infinite Loop in subimage-search with crafted image...
EUVD-2026-36179
ImageMagick has a Heap Buffer Underwrite in the Floyd-Steinberg depth dithering method...
EUVD-2026-38363
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments...
EUVD-2026-38380
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings...
EUVD-2026-38381
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions...
EUVD-2026-38382
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length...
EUVD-2026-38383
MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement...
EUVD-2026-39562
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...
EUVD-2026-39561
Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...
EUVD-2026-39560
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
EUVD-2026-39559
A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...
EUVD-2026-39558
Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...
EUVD-2026-39557
A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...
EUVD-2026-39556
The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...
EUVD-2026-39555
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...
EUVD-2026-39554
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
EUVD-2026-39553
ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the...
EUVD-2026-39552
The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...
EUVD-2026-38384
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement...