Lucene search
K

417791 matches found

EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-41948

showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...

6.1CVSS6AI score
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-41947

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-41946

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-41945

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vulnerability in the Massmailer module filter functionality. An authenticated administrator can supply crafted filter values when updating a mass email message, causing...

6.9CVSS6AI score0.00028EPSS
Exploits0References1
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-41944

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-41943

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...

9.9CVSS6.6AI score
Exploits1References4
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-41942

Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...

8.6CVSS6AI score
Exploits0References4
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41941

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score
Exploits0References4
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41940

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS6AI score
Exploits0References3
EUVD
EUVD
•added 2 hours ago•1 views

EUVD-2026-41939

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted tablename value that is interpolated into SQL statements in...

8.6CVSS6.3AI score
Exploits0References3
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-41938

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS5.9AI score
Exploits0References4
EUVD
EUVD
•added 2 hours ago•4 views

EUVD-2026-25014

printenv: environment variables with invalid UTF-8 are silently skipped evades inspection...

4.4CVSS5.9AI score0.0017EPSS
Exploits1References6
EUVD
EUVD
•added 2 hours ago•8 views

EUVD-2026-25006

uucore: safetraversal TOCTOU protection only enabled on Linux...

3.6CVSS6AI score0.0018EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•8 views

EUVD-2026-25012

mv: symlinks expanded during cross-device move resource exhaustion / data duplication...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•8 views

EUVD-2026-24998

cp: -R reads device nodes as streams, destroying device semantics...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References6
EUVD
EUVD
•added 2 hours ago•12 views

EUVD-2026-25008

rm: 'rm -rf ./' and ./// variants silently deletes current directory contents, bypassing dot protection...

5.6CVSS5.9AI score0.00165EPSS
Exploits1References3
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41937

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS6AI score
Exploits0References3
EUVD
EUVD
•added 2 hours ago•7 views

EUVD-2026-24979

comm: FIFO/pipe inputs are drained before comparison data loss / hang...

4.4CVSS5.9AI score0.00134EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•6 views

EUVD-2026-25018

id: groups= computed from real GID instead of effective GID...

4.4CVSS5.9AI score0.00108EPSS
Exploits1References3
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41936

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS6.1AI score
Exploits0References2
EUVD
EUVD
•added 2 hours ago•6 views

EUVD-2026-24988

mkdir: -m exposes directory with umask perms before chmod race window...

3.3CVSS5.9AI score0.00102EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•8 views

EUVD-2026-24981

rm: --preserve-root bypassed via a symlink to / string check instead of dev/inode...

7.7CVSS5.9AI score0.00184EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•1 views

EUVD-2026-41935

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handlestreamcrawlrequest passed seed URLs straight to the crawler with no destination validatio...

8.6CVSS6AI score
Exploits0References2
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41934

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...

9.6CVSS6.4AI score
Exploits0References2
EUVD
EUVD
•added 2 hours ago•1 views

EUVD-2026-41933

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...

7.8CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41932

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...

8.8CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41931

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits...

5.3CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41930

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security...

7.1CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41929

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value...

7.8CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41928

Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...

5.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41927

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...

5.3CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41926

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks...

5.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2025-210438

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...

6.6CVSS6.1AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2025-210437

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...

6.6CVSS6.1AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2025-210436

Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization...

6.6CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41925

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS6AI score
Exploits0References4
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41924

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...

8.7CVSS5.9AI score
Exploits0References3
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41923

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...

7.5CVSS5.9AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•5 views

EUVD-2026-25019

id: pretty-print uses effective GID instead of effective UID for name lookup...

3.3CVSS5.9AI score0.00123EPSS
Exploits1References3
EUVD
EUVD
•added 2 hours ago•6 views

EUVD-2026-25017

kill: 'kill -1' parsed as PID -1, sending SIGTERM to all processes system crash / DoS...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•5 views

EUVD-2026-24994

install -D: symlink race in directory creation allows arbitrary file overwrite...

6.3CVSS6AI score0.00107EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•7 views

EUVD-2026-24973

cut: -s only-delimited ignored when delimiter is a newline...

3.3CVSS6AI score0.00135EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•8 views

EUVD-2026-24992

install: TOCTOU symlink race unlink-then-create without OEXCL allows arbitrary file overwrite...

6.3CVSS6AI score0.00117EPSS
Exploits1References5
EUVD
EUVD
•added 2 hours ago•6 views

EUVD-2026-25022

ln: rejects non-UTF-8 source filenames in target-directory mode...

5.5CVSS5.9AI score0.00121EPSS
Exploits1References3
EUVD
EUVD
•added 2 hours ago•7 views

EUVD-2026-24978

comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output...

3.3CVSS5.9AI score0.00175EPSS
Exploits1References6
EUVD
EUVD
•added 2 hours ago•8 views

EUVD-2026-24971

mktemp: empty TMPDIR creates temp files in CWD instead of /tmp...

3.3CVSS5.9AI score0.00132EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41921

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS6AI score
Exploits0References3
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41920

DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue...

5.5CVSS6AI score
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-41916

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS5.9AI score0.00024EPSS
Exploits0References3
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-41915

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.1AI score
Exploits0References1
Total number of security vulnerabilities417791