Lucene search
K

418343 matches found

EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2026-39580

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

5.7CVSS5.8AI score0.00155EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•4 views

EUVD-2026-39575

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6CVSS5.8AI score0.00143EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2026-39582

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6.1AI score0.0032EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2026-39565

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

2.1CVSS5.8AI score0.00147EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2026-39567

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

8.1CVSS5.8AI score0.00181EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2025-210340

Flowise before 3.0.6 affected versions 2.2.8 and earlier contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value e.g., '../../../../../tmp' as the...

9.8CVSS6.3AI score0.00895EPSS
Exploits1References5
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2025-210344

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2026-39578

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•8 views

EUVD-2026-39584

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

6.8CVSS5.9AI score0.00115EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2026-39583

Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

6AI score0.00177EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2026-39574

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•5 views

EUVD-2026-39577

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•5 views

EUVD-2026-39576

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS5.9AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2025-210343

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like...

10CVSS6.7AI score0.00639EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2025-210342

Flowise before 3.0.6 affected versions 2.2.7-patch.1 and earlier contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal...

9.8CVSS6.8AI score0.00757EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•5 views

EUVD-2025-210341

Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...

8.6CVSS5.9AI score0.00266EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•5 views

EUVD-2020-31260

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...

5.4CVSS6.1AI score0.00167EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•6 views

EUVD-2025-210338

Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings Security section without supplying the current password or any additional verification, as the application does not enforce a...

8.7CVSS6AI score0.00327EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2025-210339

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

9.3CVSS6.6AI score0.00611EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•4 views

EUVD-2021-34853

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

7.7CVSS5.9AI score0.0012EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2021-34852

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

7.7CVSS6AI score0.0012EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2025-210337

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

9.3CVSS6AI score0.0046EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:32 a.m.•7 views

EUVD-2025-210336

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

8.7CVSS6AI score0.00346EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/26 12:4 a.m.•7 views

EUVD-2026-39599

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

3.8CVSS5.8AI score0.00094EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 11:6 p.m.•6 views

EUVD-2026-39590

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS6AI score0.00545EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 11:1 p.m.•6 views

EUVD-2026-39589

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

7.1CVSS5.7AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 10:43 p.m.•9 views

EUVD-2026-39588

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...

6.5CVSS5.9AI score0.00324EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/25 10:39 p.m.•5 views

EUVD-2026-39587

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS6AI score0.00279EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/25 10:33 p.m.•4 views

EUVD-2026-39586

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References3
EUVD
EUVD
•added 2026/06/25 10:29 p.m.•6 views

EUVD-2026-39585

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS5.8AI score0.00151EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/25 10:23 p.m.•12 views

EUVD-2026-31398

golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement...

10CVSS6.9AI score0.03153EPSS
Exploits2References7
EUVD
EUVD
•added 2026/06/25 10:22 p.m.•11 views

EUVD-2026-31399

golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status...

9.1CVSS5.8AI score0.00469EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:21 p.m.•11 views

EUVD-2026-31400

golang.org/x/crypto/ssh vulnerable to infinite loop on large channel writes...

9.1CVSS5.8AI score0.00466EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:21 p.m.•10 views

EUVD-2026-31395

golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed...

9.1CVSS5.8AI score0.00373EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:18 p.m.•11 views

EUVD-2026-31396

golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS...

7.5CVSS5.8AI score0.004EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 10:18 p.m.•11 views

EUVD-2026-31397

golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses...

9.1CVSS5.8AI score0.00513EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 10:15 p.m.•11 views

EUVD-2026-31392

golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:15 p.m.•11 views

EUVD-2026-31393

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow...

5.3CVSS5.8AI score0.00369EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:14 p.m.•11 views

EUVD-2026-31394

golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions...

6.3CVSS5.8AI score0.00303EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:14 p.m.•11 views

EUVD-2026-31388

golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:14 p.m.•11 views

EUVD-2026-31390

golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys...

9.1CVSS5.8AI score0.00346EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 10:13 p.m.•9 views

EUVD-2026-31389

golang.org/x/crypto/ssh/agent doesn't enforce invoking key constraints...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 10:12 p.m.•11 views

EUVD-2026-31402

golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 9:54 p.m.•15 views

EUVD-2026-36188

ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 9:54 p.m.•11 views

EUVD-2026-36187

ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:53 p.m.•9 views

EUVD-2026-36185

ImageMagick: Policy Bypass can read disallowed files via symlink...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 9:52 p.m.•10 views

EUVD-2026-36184

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:50 p.m.•10 views

EUVD-2026-36183

ImageMagick has a Heap Buffer Over-Write in MAT decoder on 32-bit systems...

5.9CVSS5.8AI score0.00227EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:49 p.m.•11 views

EUVD-2026-36182

ImageMagick Vulnerable to Stack Overflow in its MVG Decoder...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 9:48 p.m.•10 views

EUVD-2026-36180

ImageMagick has an Infinite Loop in subimage-search with crafted image...

4.7CVSS5.8AI score0.00092EPSS
Exploits0References3
Total number of security vulnerabilities418343