Lucene search
K

418274 matches found

EUVD
EUVD
•added 1 hour ago•5 views

EUVD-2026-42077

Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE...

8.3CVSS6.7AI score
Exploits0References4
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42431

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...

6.5CVSS
Exploits0References4
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42430

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS
Exploits0References4
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42427

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42426

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

6.5CVSS
Exploits0References9
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42425

Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 10.7.0, Appium's base-driver unconditionally mounts the /test/guinea-pig, /test/guinea-pig-scrollable, and /test/guinea-pig-app-banner routes, and compileLodashTemplate...

6.5CVSS
Exploits0References1
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42424

Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 1.1.6, the Appium storage plugin exposes POST /storage/delete, whose handler passes the user-supplied name value directly into path.joinstorageRoot, name and fs.rimraf witho...

8.6CVSS
Exploits0References4
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42423

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42422

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.13 and 8.6.83, a LiveQuery subscriber could receive object field values they were not authorized to read when a single save changed both an object field and the subscriber'...

2.3CVSS
Exploits0References7
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42421

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.12 and 8.6.82, deeply nested $or, $and, and $nor query condition operators in the REST API or LiveQuery query handling could trigger exponential-time processing in the...

8.7CVSS
Exploits0References7
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42420

Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42419

FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42418

pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

4.7CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42417

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42416

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42415

DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

7.5CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•1 views

EUVD-2026-42413

Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42412

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42411

Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service...

5.5CVSS
Exploits0References5
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42410

Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2025-210442

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42409

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronousl...

7.5CVSS
Exploits0References4
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42408

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42407

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42406

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42405

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42404

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42403

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

2.7CVSS
Exploits0References2
EUVD
EUVD
•added 1 hour ago•1 views

EUVD-2026-42402

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...

7.3CVSS
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42401

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.2CVSS
Exploits0References1
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42400

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig.settokens that blocks /, , and .. before %u substitution in...

5.9CVSS
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42399

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../...

8.1CVSS
Exploits0References3
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42395

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS
Exploits0References4
EUVD
EUVD
•added 1 hour ago•2 views

EUVD-2026-42394

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of...

7.5CVSS
Exploits0References4
EUVD
EUVD
•added 2 hours ago•10 views

EUVD-2026-36117

Sharp Missing Authorization Check in Quick Creation Command Endpoints...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-42393

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS
Exploits0References9
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-42391

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

6.8CVSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-42390

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS
Exploits0References1
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-42389

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-42388

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service DoS condition or potentially execute arbitrary code by sending specially crafted...

9.2CVSS
Exploits0References1
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-42348

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-42347

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-42346

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS
Exploits0References1
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-42345

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS
Exploits0References1
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-42387

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS
Exploits0References5
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-42386

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

5.3CVSS
Exploits0References4
EUVD
EUVD
•added 2 hours ago•2 views

EUVD-2026-42385

Path equivalence: vulnerability in Progress MOVEit Transfer File Upload modules. This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4...

3.5CVSS
Exploits0References1
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-42384

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS
Exploits0References1
EUVD
EUVD
•added 2 hours ago•3 views

EUVD-2026-42383

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS
Exploits0References8
Total number of security vulnerabilities418274