Lucene search
K

418162 matches found

EUVD
EUVD
added 2026/06/24 8:52 p.m.5 views

EUVD-2026-39090

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:51 p.m.6 views

EUVD-2026-39089

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

4.4CVSS6.1AI score0.00118EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 8:45 p.m.4 views

EUVD-2026-39088

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

7.2CVSS5.8AI score0.18993EPSS
Exploits16References2
EUVD
EUVD
added 2026/06/24 8:39 p.m.4 views

EUVD-2026-39087

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:39 p.m.5 views

EUVD-2026-39086

A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers operate via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the...

5.2CVSS5.8AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:35 p.m.4 views

EUVD-2026-39085

Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the target directory and write the result o...

8.5CVSS6AI score0.0035EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 8:33 p.m.5 views

EUVD-2026-39084

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary...

10CVSS6.1AI score0.01107EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:32 p.m.3 views

EUVD-2026-39083

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid r...

7.1CVSS5.9AI score0.00236EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:31 p.m.4 views

EUVD-2026-39082

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component —...

9CVSS5.9AI score0.00474EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:30 p.m.5 views

EUVD-2026-39081

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...

7.1CVSS5.9AI score0.00427EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:29 p.m.8 views

EUVD-2026-39080

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:29 p.m.5 views

EUVD-2026-39079

Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives the account-activation lifetime, not conf.Auth.ResetPasswordCodeLives. The token lifetime is baked into the token itself at generation time and is re-extracted fr...

6.8CVSS5.9AI score0.00202EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:28 p.m.5 views

EUVD-2026-39078

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:27 p.m.5 views

EUVD-2026-39077

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

7.1CVSS5.9AI score0.00478EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:26 p.m.6 views

EUVD-2026-39076

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with...

6.4CVSS6AI score0.00677EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:25 p.m.5 views

EUVD-2026-39075

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS5.9AI score0.00483EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:22 p.m.6 views

EUVD-2026-39074

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...

8.7CVSS5.9AI score0.00384EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:21 p.m.4 views

EUVD-2026-39073

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS6AI score0.01029EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:20 p.m.4 views

EUVD-2026-39072

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3...

7CVSS5.9AI score0.00499EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:19 p.m.5 views

EUVD-2026-39071

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS5.9AI score0.00422EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:18 p.m.5 views

EUVD-2026-39070

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddres...

8.1CVSS5.9AI score0.00569EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:18 p.m.4 views

EUVD-2026-39069

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owner is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be add...

8.8CVSS5.9AI score0.00248EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:17 p.m.5 views

EUVD-2026-39068

Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirectto parameters can bypass validation, allowing redirection to arbitrary external sites. All redirects in Gogs that are validated via the IsSameSite...

5.4CVSS6AI score0.00554EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:15 p.m.5 views

EUVD-2026-39067

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:14 p.m.4 views

EUVD-2026-39066

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

8.9CVSS6AI score0.00429EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:13 p.m.6 views

EUVD-2026-39065

Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not...

3.5CVSS5.9AI score0.00284EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 8:9 p.m.6 views

EUVD-2026-39064

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs. This vulnerability ...

8.3CVSS6.8AI score0.01193EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/24 8:7 p.m.5 views

EUVD-2026-39063

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS6AI score0.00864EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:6 p.m.6 views

EUVD-2026-39062

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS5.9AI score0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:3 p.m.5 views

EUVD-2025-210329

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface...

4.9CVSS5.9AI score0.0044EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 8:1 p.m.4 views

EUVD-2026-39061

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route...

6.9CVSS5.9AI score0.01553EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:50 p.m.5 views

EUVD-2026-39060

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:48 p.m.5 views

EUVD-2026-39059

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

5.3CVSS5.9AI score0.00129EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:47 p.m.5 views

EUVD-2026-39058

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

8.7CVSS5.9AI score0.00726EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 7:47 p.m.7 views

EUVD-2026-39057

A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability...

7.3CVSS6AI score0.00096EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:43 p.m.5 views

EUVD-2026-39056

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...

6.5CVSS5.9AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:41 p.m.4 views

EUVD-2026-39055

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.privateaddress? returns false for IPv4-mapped IPv6 addresses ::ffff:a.b.c.d corresponding to some private IPv4 addresses,...

8.6CVSS5.9AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:40 p.m.5 views

EUVD-2026-39054

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:39 p.m.5 views

EUVD-2026-39053

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ranges was lacking an IP address range that can be used to reach local IP addresses. An attacker can use an IP address in the affected range to make...

8.7CVSS5.9AI score0.00337EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:24 p.m.4 views

EUVD-2026-39052

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's call method accepts an orderid parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data...

7.1CVSS5.8AI score0.00265EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 7:21 p.m.6 views

EUVD-2026-39051

Twenty is an open-source CRM customer relationship management platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference IDOR in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-agent-monitor/reso...

7.6CVSS5.9AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 7:17 p.m.5 views

EUVD-2026-39050

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.2AI score0.00404EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.4 views

EUVD-2026-39049

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.8CVSS6.2AI score0.00105EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.5 views

EUVD-2026-39048

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00233EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.5 views

EUVD-2026-39046

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.7CVSS5.8AI score0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.9 views

EUVD-2026-39047

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: High...

8.8CVSS6.3AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.6 views

EUVD-2026-39045

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.5 views

EUVD-2026-39043

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

7.5CVSS5.9AI score0.00149EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.4 views

EUVD-2026-39044

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.9AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.4 views

EUVD-2026-39040

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.9AI score0.00184EPSS
Exploits0References2
Total number of security vulnerabilities418162