Lucene search
K

418079 matches found

EUVD
EUVD
•added 2026/06/24 12:33 p.m.•10 views

EUVD-2026-38758

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...

8.8CVSS6.2AI score0.00467EPSS
Exploits0References11
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•12 views

EUVD-2026-38756

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of...

4.8CVSS6AI score0.00121EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•6 views

EUVD-2026-38757

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS6AI score0.00174EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•7 views

EUVD-2026-38755

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service...

6.3CVSS5.8AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•7 views

EUVD-2026-38754

n8n before 1.123.25 1.x and before 2.11.2 2.x, with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can injec...

5.4CVSS5.7AI score0.00144EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•8 views

EUVD-2026-38753

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply...

8.2CVSS6.1AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•7 views

EUVD-2026-38752

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•11 views

EUVD-2026-38751

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.existappv2 RPC function that allows unauthenticated attackers to enumerate appids by calling POST /rest/v1/rpc/existappv2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER functi...

6.9CVSS6AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•9 views

EUVD-2026-38750

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•11 views

EUVD-2026-38749

Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs...

6.9CVSS5.9AI score0.00208EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•7 views

EUVD-2026-38748

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•8 views

EUVD-2026-38747

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS5.9AI score0.00383EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•7 views

EUVD-2026-38746

Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...

4.6CVSS5.8AI score0.00093EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•8 views

EUVD-2026-38745

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•9 views

EUVD-2026-38744

Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•8 views

EUVD-2026-38743

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•9 views

EUVD-2026-38742

Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER recordbuildtime RPC function that allows unauthenticated attackers to insert arbitrary build-time records. Attackers can exploit this by calling POST /rest/v1/rpc/recordbuildtime with a public AP...

8.8CVSS6AI score0.00269EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•12 views

EUVD-2026-38741

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•7 views

EUVD-2026-38740

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS6AI score0.00293EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•7 views

EUVD-2026-38739

Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•9 views

EUVD-2026-38738

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•7 views

EUVD-2026-38737

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•7 views

EUVD-2025-210328

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetchtip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load...

8.1CVSS6.4AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•8 views

EUVD-2025-210327

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

8.1CVSS6.1AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 11:53 a.m.•12 views

EUVD-2025-210326

Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...

8.5CVSS6AI score0.00283EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/24 11:12 a.m.•6 views

EUVD-2026-38736

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...

2CVSS5.8AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/24 10:45 a.m.•6 views

EUVD-2026-38735

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/24 9:59 a.m.•8 views

EUVD-2026-38734

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...

5.8AI score0.00165EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/24 9:33 a.m.•9 views

EUVD-2026-38733

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...

5.5CVSS5.9AI score0.00124EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 9:0 a.m.•14 views

EUVD-2026-38732

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: fix missing zerocopy reference in pskbcarve helpers pskbcarveinsideheader and pskbcarveinsidenonlinear both copy the old skbsharedinfo header into a new buffer via memcpy, which includes the destructorarg pointer uar...

5.9AI score0.0018EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 8:4 a.m.•13 views

EUVD-2026-38731

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS5.9AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/24 7:23 a.m.•8 views

EUVD-2026-38713

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•10 views

EUVD-2026-38712

In the Linux kernel, the following vulnerability has been resolved: netfilter: nflog: validate MAC header was set before dumping it The fallback path of dumpmacheader guards the MAC header access only with "skb-macheader != skb-networkheader", without checking skbmacheaderwasset. When the MAC...

5.7AI score0.00123EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•13 views

EUVD-2026-38711

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid NULL deref of conn-lnk in smcmsgevent tracepoint The smcmsgevent tracepoint class, shared by smctxsendmsg and smcrxrecvmsg, unconditionally dereferences smc-conn.lnk: stringname, smc-conn.lnk-ibname conn-lnk is onl...

5.8AI score0.00164EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•15 views

EUVD-2026-38710

In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...

5.8AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•9 views

EUVD-2026-38709

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or IBWRMASKEDATOMICFETCHANDADD for every RDS atomic cmsg. But the...

5.8AI score0.00164EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•9 views

EUVD-2026-38708

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpfskstorageclone and diag paths bpfselemunlinknofail sets SDATAselem-smap to NULL before removing the selem from the storage hlist. A concurrent RCU reader in bpfskstorageclone can observe th...

5.8AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•9 views

EUVD-2026-38707

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

5.8AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•10 views

EUVD-2026-38706

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.8AI score0.00156EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•9 views

EUVD-2026-38705

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...

5.9AI score0.0012EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•10 views

EUVD-2026-38704

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...

5.7AI score0.00247EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•9 views

EUVD-2026-38702

In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...

5.7AI score0.00339EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•13 views

EUVD-2026-38703

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...

5.7AI score0.0012EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•10 views

EUVD-2026-38701

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

5.8AI score0.00404EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•10 views

EUVD-2026-38699

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

5.7AI score0.00394EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•9 views

EUVD-2026-38700

In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan cleanup with shmnattch updates shmdestroyorphaned walks the shm idr under shmidsns.rwsem, but that does not serialize all fields tested by shmmaydestroy. In particular, shmnattch is updated while holding...

5.7AI score0.00165EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•10 views

EUVD-2026-38698

In the Linux kernel, the following vulnerability has been resolved: afunix: Reject SIOCATMARK on non-stream sockets SIOCATMARK reports whether the receive queue is at the urgent mark for MSGOOB. In AFUNIX, MSGOOB is supported only for SOCKSTREAM sockets. SOCKDGRAM and SOCKSEQPACKET reject MSGOOB ...

5.7AI score0.00161EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•10 views

EUVD-2026-38729

In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadvgwnodefree removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup...

5.7AI score0.00164EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•10 views

EUVD-2026-38730

In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix OOB read in compatmtwfromuser Luxiao Xu says: The function compatmtwfromuser converts ebtables extensions from 32-bit user structures to kernel native structures. However, it lacks proper validation of th...

5.8AI score0.0012EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 7:14 a.m.•7 views

EUVD-2026-38728

In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...

5.8AI score0.00164EPSS
Exploits0References8
Total number of security vulnerabilities418079