417791 matches found
EUVD-2026-41948
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...
EUVD-2026-41947
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...
EUVD-2026-41946
HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...
EUVD-2026-41945
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vulnerability in the Massmailer module filter functionality. An authenticated administrator can supply crafted filter values when updating a mass email message, causing...
EUVD-2026-41944
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...
EUVD-2026-41943
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...
EUVD-2026-41942
Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...
EUVD-2026-41941
Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...
EUVD-2026-41940
Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...
EUVD-2026-41939
Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted tablename value that is interpolated into SQL statements in...
EUVD-2026-41938
Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...
EUVD-2026-25014
printenv: environment variables with invalid UTF-8 are silently skipped evades inspection...
EUVD-2026-25006
uucore: safetraversal TOCTOU protection only enabled on Linux...
EUVD-2026-25012
mv: symlinks expanded during cross-device move resource exhaustion / data duplication...
EUVD-2026-24998
cp: -R reads device nodes as streams, destroying device semantics...
EUVD-2026-25008
rm: 'rm -rf ./' and ./// variants silently deletes current directory contents, bypassing dot protection...
EUVD-2026-41937
Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...
EUVD-2026-24979
comm: FIFO/pipe inputs are drained before comparison data loss / hang...
EUVD-2026-25018
id: groups= computed from real GID instead of effective GID...
EUVD-2026-41936
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...
EUVD-2026-24988
mkdir: -m exposes directory with umask perms before chmod race window...
EUVD-2026-24981
rm: --preserve-root bypassed via a symlink to / string check instead of dev/inode...
EUVD-2026-41935
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handlestreamcrawlrequest passed seed URLs straight to the crawler with no destination validatio...
EUVD-2026-41934
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...
EUVD-2026-41933
Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...
EUVD-2026-41932
Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...
EUVD-2026-41931
Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits...
EUVD-2026-41930
Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security...
EUVD-2026-41929
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value...
EUVD-2026-41928
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
EUVD-2026-41927
Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...
EUVD-2026-41926
Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...
EUVD-2025-210438
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...
EUVD-2025-210437
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...
EUVD-2025-210436
Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization...
EUVD-2026-41925
vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...
EUVD-2026-41924
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...
EUVD-2026-41923
A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...
EUVD-2026-25019
id: pretty-print uses effective GID instead of effective UID for name lookup...
EUVD-2026-25017
kill: 'kill -1' parsed as PID -1, sending SIGTERM to all processes system crash / DoS...
EUVD-2026-24994
install -D: symlink race in directory creation allows arbitrary file overwrite...
EUVD-2026-24973
cut: -s only-delimited ignored when delimiter is a newline...
EUVD-2026-24992
install: TOCTOU symlink race unlink-then-create without OEXCL allows arbitrary file overwrite...
EUVD-2026-25022
ln: rejects non-UTF-8 source filenames in target-directory mode...
EUVD-2026-24978
comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output...
EUVD-2026-24971
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp...
EUVD-2026-41921
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...
EUVD-2026-41920
DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue...
EUVD-2026-41916
Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...
EUVD-2026-41915
The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...