Lucene search
K

418192 matches found

EUVD
EUVD
β€’added 2026/06/25 3:42 a.m.β€’5 views

EUVD-2026-39164

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
EUVD
EUVD
β€’added 2026/06/25 3:42 a.m.β€’5 views

EUVD-2026-39165

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00224EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/25 1:56 a.m.β€’5 views

EUVD-2026-39163

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 1:51 a.m.β€’6 views

EUVD-2026-39162

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 1:35 a.m.β€’5 views

EUVD-2026-39161

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 1:32 a.m.β€’9 views

EUVD-2026-39160

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 1:28 a.m.β€’6 views

EUVD-2026-39159

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 1:12 a.m.β€’9 views

EUVD-2026-39158

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 12:52 a.m.β€’4 views

EUVD-2026-39157

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39144

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’6 views

EUVD-2026-39148

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.4AI score0.01373EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’6 views

EUVD-2026-39146

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’6 views

EUVD-2026-39145

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’7 views

EUVD-2026-39147

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39151

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39139

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39140

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS5.4AI score0.0067EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39141

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’6 views

EUVD-2026-39142

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.5AI score0.00689EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39149

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS5.4AI score0.0067EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’8 views

EUVD-2026-39117

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The...

7.2CVSS7.6AI score0.00376EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’4 views

EUVD-2026-39108

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS7.8AI score0.01114EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39113

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

5.5CVSS6.4AI score0.01195EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’8 views

EUVD-2025-210334

A NULL pointer dereference in the gffilterinparentchain function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

5.5CVSS5.9AI score0.00141EPSS
Exploits1References6
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’6 views

EUVD-2025-210335

A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS6.1AI score0.00579EPSS
Exploits1References6
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’3 views

EUVD-2026-39112

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

5.5CVSS6.4AI score0.01195EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’3 views

EUVD-2026-39116

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.2CVSS7.6AI score0.01477EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’4 views

EUVD-2026-39115

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB...

7.2CVSS7.6AI score0.01477EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39114

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The specific fl...

7.5CVSS7AI score0.0158EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39109

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...

8.8CVSS7.8AI score0.01126EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2025-210331

A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

7.5CVSS5.9AI score0.0051EPSS
Exploits1References6
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’7 views

EUVD-2025-210330

A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

5CVSS5.9AI score0.00121EPSS
Exploits1References6
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’3 views

EUVD-2026-39100

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References5
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’7 views

EUVD-2025-210332

GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service local. The component is: filtercore/filterpid.c L:574-580: function gffilterpidinstswapdeletetask improperly accesses freed objects...

5.5CVSS5.7AI score0.0013EPSS
Exploits1References6
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’4 views

EUVD-2026-39130

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00552EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’4 views

EUVD-2026-39110

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.6AI score0.00294EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39156

sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget...

7.4CVSS5.8AI score0.00125EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/25 12:33 a.m.β€’5 views

EUVD-2026-39155

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...

6.5CVSS6AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 12:29 a.m.β€’5 views

EUVD-2026-39154

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...

7.1CVSS6AI score0.00275EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 12:25 a.m.β€’8 views

EUVD-2026-39153

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...

8.8CVSS6.2AI score0.00916EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/25 12:7 a.m.β€’7 views

EUVD-2026-39152

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/06/24 11:26 p.m.β€’6 views

EUVD-2026-39150

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

8.6CVSS5.8AI score0.01113EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/24 11:14 p.m.β€’5 views

EUVD-2026-39143

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

7.6CVSS5.9AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/24 11:6 p.m.β€’6 views

EUVD-2026-39138

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.3CVSS5.9AI score0.00456EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/24 10:49 p.m.β€’5 views

EUVD-2026-39137

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/24 10:41 p.m.β€’5 views

EUVD-2026-39136

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.7AI score0.00436EPSS
Exploits1References2
EUVD
EUVD
β€’added 2026/06/24 10:37 p.m.β€’5 views

EUVD-2026-39135

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

5.3CVSS5.7AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/24 10:33 p.m.β€’5 views

EUVD-2026-39134

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

6.9CVSS5.7AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/24 10:0 p.m.β€’5 views

EUVD-2026-39133

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...

5.3CVSS5.7AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
β€’added 2026/06/24 9:55 p.m.β€’5 views

EUVD-2026-39132

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.8AI score0.00104EPSS
Exploits0References3
Total number of security vulnerabilities418192