Lucene search
K

418325 matches found

EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2025-210339

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

9.3CVSS6.6AI score0.00611EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•4 views

EUVD-2021-34853

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

7.7CVSS5.9AI score0.0012EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2021-34852

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

7.7CVSS6AI score0.0012EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2025-210337

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

9.3CVSS6AI score0.0046EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2025-210336

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

8.7CVSS6AI score0.00346EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:4 a.m.•7 views

EUVD-2026-39599

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

3.8CVSS5.8AI score0.00094EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 11:6 p.m.•6 views

EUVD-2026-39590

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS6AI score0.00545EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 11:1 p.m.•6 views

EUVD-2026-39589

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS5.7AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 10:43 p.m.•9 views

EUVD-2026-39588

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...

6.5CVSS5.9AI score0.00324EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/25 10:39 p.m.•5 views

EUVD-2026-39587

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS6AI score0.00279EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/25 10:33 p.m.•4 views

EUVD-2026-39586

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/25 10:29 p.m.•6 views

EUVD-2026-39585

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS5.8AI score0.00151EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/25 10:23 p.m.•12 views

EUVD-2026-31398

golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement...

10CVSS6.9AI score0.03153EPSS
Exploits2References7
EUVD
EUVD
•added 2026/06/25 10:22 p.m.•11 views

EUVD-2026-31399

golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status...

9.1CVSS5.8AI score0.00469EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:21 p.m.•11 views

EUVD-2026-31400

golang.org/x/crypto/ssh vulnerable to infinite loop on large channel writes...

9.1CVSS5.8AI score0.00466EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:21 p.m.•10 views

EUVD-2026-31395

golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed...

9.1CVSS5.8AI score0.00373EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:18 p.m.•11 views

EUVD-2026-31396

golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS...

7.5CVSS5.8AI score0.004EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 10:18 p.m.•11 views

EUVD-2026-31397

golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses...

9.1CVSS5.8AI score0.00513EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 10:15 p.m.•11 views

EUVD-2026-31392

golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:15 p.m.•11 views

EUVD-2026-31393

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow...

5.3CVSS5.8AI score0.00369EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:14 p.m.•11 views

EUVD-2026-31394

golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions...

6.3CVSS5.8AI score0.00303EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:14 p.m.•11 views

EUVD-2026-31388

golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:14 p.m.•11 views

EUVD-2026-31390

golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys...

9.1CVSS5.8AI score0.00346EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:13 p.m.•9 views

EUVD-2026-31389

golang.org/x/crypto/ssh/agent doesn't enforce invoking key constraints...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 10:12 p.m.•11 views

EUVD-2026-31402

golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 9:54 p.m.•15 views

EUVD-2026-36188

ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 9:54 p.m.•10 views

EUVD-2026-36187

ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:53 p.m.•9 views

EUVD-2026-36185

ImageMagick: Policy Bypass can read disallowed files via symlink...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 9:52 p.m.•10 views

EUVD-2026-36184

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:50 p.m.•10 views

EUVD-2026-36183

ImageMagick has a Heap Buffer Over-Write in MAT decoder on 32-bit systems...

5.9CVSS5.8AI score0.00227EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:49 p.m.•11 views

EUVD-2026-36182

ImageMagick Vulnerable to Stack Overflow in its MVG Decoder...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:48 p.m.•10 views

EUVD-2026-36180

ImageMagick has an Infinite Loop in subimage-search with crafted image...

4.7CVSS5.8AI score0.00092EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:46 p.m.•9 views

EUVD-2026-36179

ImageMagick has a Heap Buffer Underwrite in the Floyd-Steinberg depth dithering method...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:31 p.m.•9 views

EUVD-2026-38363

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 9:29 p.m.•6 views

EUVD-2026-38380

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 9:26 p.m.•10 views

EUVD-2026-38381

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 9:25 p.m.•7 views

EUVD-2026-38382

MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 9:22 p.m.•7 views

EUVD-2026-38383

MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:46 p.m.•6 views

EUVD-2026-39562

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS6AI score0.00434EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 p.m.•6 views

EUVD-2026-39561

Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

8.3CVSS6AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:38 p.m.•9 views

EUVD-2026-39560

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS5.8AI score0.00074EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:18 p.m.•6 views

EUVD-2026-39559

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

1CVSS5.8AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:16 p.m.•5 views

EUVD-2026-39558

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

1CVSS5.8AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:13 p.m.•7 views

EUVD-2026-39557

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

8.8CVSS6.1AI score0.00385EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:11 p.m.•5 views

EUVD-2026-39556

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

1CVSS6AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:8 p.m.•6 views

EUVD-2026-39555

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

6CVSS5.8AI score0.00124EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:1 p.m.•4 views

EUVD-2026-39554

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 7:59 p.m.•6 views

EUVD-2026-39553

ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the...

6.3CVSS5.9AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 7:58 p.m.•6 views

EUVD-2026-39552

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

2.3CVSS5.9AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 7:51 p.m.•7 views

EUVD-2026-38384

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
Total number of security vulnerabilities418325