Lucene search
K

418285 matches found

EUVD
EUVD
added 2026/06/25 6:3 p.m.5 views

EUVD-2026-39518

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6.1AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:3 p.m.7 views

EUVD-2026-39517

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:2 p.m.4 views

EUVD-2026-39516

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS6.2AI score0.00213EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:1 p.m.6 views

EUVD-2026-39515

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.00474EPSS
Exploits2References2
EUVD
EUVD
added 2026/06/25 6:0 p.m.5 views

EUVD-2026-39514

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 5:57 p.m.6 views

EUVD-2026-39513

In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

8.4CVSS5.9AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:56 p.m.4 views

EUVD-2026-39512

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

5.8CVSS6AI score0.00122EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:51 p.m.6 views

EUVD-2026-39511

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured e.g. /bin/sh -c, the command allowlist can be bypassed through shell metacharacters. The allowlist...

8.7CVSS6AI score0.00323EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 5:49 p.m.6 views

EUVD-2026-39510

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...

9.3CVSS6.3AI score0.00533EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:47 p.m.5 views

EUVD-2026-39509

Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code...

8.4CVSS6AI score0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:46 p.m.4 views

EUVD-2026-39508

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS5.8AI score0.00337EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:43 p.m.5 views

EUVD-2026-39507

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths agains...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:41 p.m.5 views

EUVD-2026-39506

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after...

6.5CVSS5.9AI score0.00484EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:40 p.m.6 views

EUVD-2026-39505

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:39 p.m.5 views

EUVD-2026-39504

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS6AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:37 p.m.3 views

EUVD-2026-39503

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

7.5CVSS5.7AI score0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:35 p.m.5 views

EUVD-2026-39502

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

8.4CVSS6AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:32 p.m.5 views

EUVD-2026-39539

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...

8.2CVSS6AI score0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:29 p.m.5 views

EUVD-2026-39538

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...

10CVSS5.8AI score0.00373EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:28 p.m.10 views

EUVD-2026-37005

i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string...

9.1CVSS5.8AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:28 p.m.8 views

EUVD-2026-37006

i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names...

9.1CVSS5.8AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:22 p.m.5 views

EUVD-2026-39501

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...

6.8CVSS5.9AI score0.00111EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 5:17 p.m.5 views

EUVD-2026-39500

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS5.8AI score0.00165EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 5:16 p.m.5 views

EUVD-2026-39499

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

6.9CVSS6AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:56 p.m.5 views

EUVD-2026-39496

X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...

8.2CVSS5.9AI score0.00145EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:53 p.m.6 views

EUVD-2026-39493

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2CVSS5.8AI score0.00114EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:51 p.m.6 views

EUVD-2026-39491

wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

8.2CVSS5.8AI score0.00095EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:46 p.m.7 views

EUVD-2026-39486

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...

6CVSS5.9AI score0.00121EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:41 p.m.6 views

EUVD-2026-39482

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS5.9AI score0.00152EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:35 p.m.5 views

EUVD-2026-39480

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS6AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:27 p.m.4 views

EUVD-2026-39479

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:27 p.m.5 views

EUVD-2026-39478

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer allocated from a memory...

7.5CVSS6AI score0.00278EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 4:26 p.m.13 views

EUVD-2026-39477

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

7CVSS6AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:17 p.m.6 views

EUVD-2026-39476

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:17 p.m.4 views

EUVD-2026-39475

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:17 p.m.5 views

EUVD-2026-39474

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:16 p.m.5 views

EUVD-2026-39473

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 4:16 p.m.5 views

EUVD-2026-39472

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

7.7CVSS5.8AI score0.00288EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 4:16 p.m.5 views

EUVD-2026-39471

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 4:8 p.m.4 views

EUVD-2026-39470

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS5.9AI score0.00126EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:7 p.m.5 views

EUVD-2026-39469

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:5 p.m.5 views

EUVD-2026-39468

Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:3 p.m.5 views

EUVD-2026-39467

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS6.1AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:59 p.m.5 views

EUVD-2026-39466

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:57 p.m.4 views

EUVD-2026-39465

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS6AI score0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 3:54 p.m.7 views

EUVD-2026-39464

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...

7.5CVSS5.9AI score0.00761EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/25 3:53 p.m.5 views

EUVD-2026-39463

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

5.4CVSS6AI score0.0014EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:52 p.m.6 views

EUVD-2026-39462

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's toolresources e.g., context, executecode without verifying ownership or EDIT permission on the target...

6.5CVSS6AI score0.00189EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:51 p.m.5 views

EUVD-2026-39461

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...

5.3CVSS5.9AI score0.00159EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/25 3:50 p.m.5 views

EUVD-2026-39460

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References1
Total number of security vulnerabilities418285