Lucene search
K

418058 matches found

EUVD
EUVD
added 2026/06/23 6:7 p.m.6 views

EUVD-2026-38562

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...

6.5CVSS6.3AI score0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:6 p.m.6 views

EUVD-2026-38561

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

5.9CVSS6.4AI score0.00117EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:0 p.m.3 views

EUVD-2020-31259

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

7.8CVSS6.4AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:58 p.m.6 views

EUVD-2020-31258

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation o...

5.5CVSS5.8AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:56 p.m.11 views

EUVD-2026-38560

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct fla...

8.1CVSS6.5AI score0.00399EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:55 p.m.6 views

EUVD-2026-38559

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

5.4CVSS5.8AI score0.00144EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:52 p.m.5 views

EUVD-2026-38558

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:50 p.m.6 views

EUVD-2026-38557

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...

7.5CVSS5.9AI score0.00409EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:47 p.m.6 views

EUVD-2026-38556

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2CVSS5.8AI score0.00153EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:47 p.m.5 views

EUVD-2020-31257

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose...

5.5CVSS5.8AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:43 p.m.16 views

EUVD-2026-38555

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...

9CVSS6.1AI score0.0178EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:42 p.m.6 views

EUVD-2026-38554

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 5:40 p.m.6 views

EUVD-2026-38553

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS5.9AI score0.00113EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/23 5:39 p.m.6 views

EUVD-2026-38552

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....

7.6CVSS5.8AI score0.00193EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:36 p.m.5 views

EUVD-2026-38551

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS5.8AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 5:26 p.m.6 views

EUVD-2026-38550

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

9.1CVSS5.8AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 5:24 p.m.4 views

EUVD-2026-38549

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the Sec-WebSocket-Protocol and Sec-WebSocket-Extensions response...

4.3CVSS5.9AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:24 p.m.5 views

EUVD-2026-38548

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt...

7.4CVSS5.9AI score0.00142EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:22 p.m.3 views

EUVD-2026-38547

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...

7.3CVSS6AI score0.00144EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:21 p.m.4 views

EUVD-2025-210322

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...

7.1CVSS6AI score0.00316EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/23 5:20 p.m.5 views

EUVD-2026-38546

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e...

8.1CVSS6.1AI score0.00283EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:19 p.m.5 views

EUVD-2026-38545

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

5.5CVSS5.9AI score0.00135EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:18 p.m.5 views

EUVD-2026-38544

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address fo...

6.5CVSS5.8AI score0.00111EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 5:16 p.m.6 views

EUVD-2026-38543

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot...

5.2CVSS5.9AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:15 p.m.7 views

EUVD-2026-38542

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...

5.2CVSS5.8AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:14 p.m.6 views

EUVD-2026-38541

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

5.2CVSS5.8AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:13 p.m.8 views

EUVD-2026-38540

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrimecandidate, options, callback and crypto.checkPrimeSynccandidate, options ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied ...

7.4CVSS5.8AI score0.00149EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 5:8 p.m.8 views

EUVD-2026-38539

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in t...

9.3CVSS6AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:6 p.m.10 views

EUVD-2026-38538

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

6CVSS5.9AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 5:3 p.m.6 views

EUVD-2026-38537

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3CVSS6AI score0.00146EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/23 4:51 p.m.5 views

EUVD-2026-38536

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt text and trigger submitPrompt in an authenticated victim...

7.1CVSS5.8AI score0.00162EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:50 p.m.7 views

EUVD-2026-38535

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/eventid/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar...

4.3CVSS5.9AI score0.00179EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:50 p.m.8 views

EUVD-2026-38534

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...

8.5CVSS5.9AI score0.00203EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:49 p.m.7 views

EUVD-2026-38533

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS5.9AI score0.00225EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:48 p.m.5 views

EUVD-2026-38532

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary fileid values to their own chat message without checking whether they own or can read those files. If the attacker then shares...

8.3CVSS6AI score0.00241EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:47 p.m.7 views

EUVD-2026-38531

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

8.7CVSS6AI score0.002EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:47 p.m.7 views

EUVD-2026-38530

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...

7.1CVSS6AI score0.00198EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:46 p.m.7 views

EUVD-2026-38529

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no...

7.6CVSS5.8AI score0.00174EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:45 p.m.6 views

EUVD-2026-38528

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

4.3CVSS5.9AI score0.00244EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:44 p.m.6 views

EUVD-2026-38527

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that...

6.4CVSS5.9AI score0.00169EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:43 p.m.6 views

EUVD-2026-38526

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization BOLA vulnerability in the builtin searchknowledgefiles tool. When native function calling is enabled and the selected model has no...

4.3CVSS6AI score0.00226EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:42 p.m.8 views

EUVD-2026-38525

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validateurl function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only ...

7.7CVSS5.9AI score0.00287EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:41 p.m.8 views

EUVD-2026-38524

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as...

6.5CVSS5.8AI score0.00366EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/23 4:40 p.m.7 views

EUVD-2026-38523

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...

4CVSS5.9AI score0.0011EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/23 4:39 p.m.5 views

EUVD-2026-38522

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access...

6.3CVSS6AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 4:38 p.m.8 views

EUVD-2026-38521

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs b...

5.3CVSS5.9AI score0.00268EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:31 p.m.12 views

EUVD-2026-38520

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" or "Public Flows" in code contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of...

6.1CVSS6.1AI score0.00249EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:30 p.m.6 views

EUVD-2026-38519

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...

8.8CVSS5.9AI score0.00291EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:29 p.m.6 views

EUVD-2026-38518

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without...

6.5CVSS5.9AI score0.00313EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/23 4:28 p.m.7 views

EUVD-2026-38517

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

9.9CVSS5.9AI score0.00233EPSS
Exploits2References2
Total number of security vulnerabilities418058