Euvd - Vulnerabilities List

EUVD•added 2 hours ago•6 views

EUVD-2026-35675

Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability...

6.2CVSS5.1AI score0.00301EPSS

EUVD•added 2 hours ago•3 views

EUVD-2026-37122

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication...

8.8CVSS5.3AI score

EUVD•added 2 hours ago•2 views

EUVD-2026-37121

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

8.7CVSS5.3AI score

EUVD•added 2 hours ago•2 views

EUVD-2026-37120

Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...

8.2CVSS5.3AI score0.00039EPSS

EUVD•added 2 hours ago•3 views

EUVD-2024-55620

Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution...

6.7CVSS5.7AI score

EUVD-2025-210169

A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...

8.3CVSS5.5AI score

EUVD-2025-210168

An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token...

9.2CVSS5.3AI score

EUVD•added 3 hours ago•5 views

EUVD-2026-36428

Nuxt: Reflected XSS in via unsanitised javascript: or data: URL...

5.4CVSS5.1AI score0.00198EPSS

EUVD•added 3 hours ago•5 views

EUVD-2026-36427

Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher...

8.8CVSS5.2AI score0.00294EPSS

EUVD-2026-37119

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...

6.9CVSS5.4AI score

EUVD•added 3 hours ago•9 views

EUVD-2026-32912

pypdf: Manipulated XMP metadata streams can exhaust RAM...

6.9CVSS5.1AI score0.00129EPSS

EUVD-2026-37118

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attack...

6.3CVSS5.3AI score

EUVD-2025-210167

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS5.3AI score

EUVD-2026-37117

Zephyr's IPv6 Neighbor Discovery send paths netipv6sendna, netipv6sendns, netipv6sendrs in subsys/net/ip/ipv6nbr.c updated the per-interface ICMP-sent statistics by calling netpktifacepkt after netsenddatapkt had already returned successfully. On the success path the network stack owns and releas...

4.2CVSS5.4AI score

EUVD-2026-37116

In Zephyr's native IPv4 stack, icmpv4handleechorequest in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to nettrysenddata, and then, on success, calls netstatsupdateicmpsentnetpktifacereply. nettrysenddata transfers ownership of reply to the TX path netiftryqueuetx - netiftx ...

4.8CVSS5.6AI score

EUVD-2026-37115

subsys/net/ip/icmpv6.c reads the network interface from a netpkt after that packet has been handed to nettrysenddata. In icmpv6handleechorequest and neticmpv6senderror, the post-send statistics update calls netpktifacereply/netpktifacepkt on the just-sent packet. The send path nettrysenddata -...

5.9CVSS5.6AI score

EUVD•added 3 hours ago•3 views

EUVD-2026-37114

subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...

5.9CVSS5.4AI score

EUVD-2026-37113

In Zephyr's IPv4 IGMP implementation, igmpsend in subsys/net/ip/igmp.c read the network interface back out of the packet via netpktifacepkt after the packet had been handed to netsenddata. On the successful-send path the packet's last reference may already have been released by the L2 driver or b...

3.7CVSS5.4AI score

EUVD•added 3 hours ago•3 views

EUVD-2026-37112

A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault MNRF. A program download is required to...

8.7CVSS5.3AI score

EUVD•added 5 hours ago•2 views

EUVD-2026-37078

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

4.3CVSS5.4AI score