Lucene search
K

418285 matches found

EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42446

BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure...

2.5CVSS
Exploits0References2
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42445

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS
Exploits0References1
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42401

Improper access control in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

8.2CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42408

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42420

Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42427

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42405

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS6AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42406

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS6AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42407

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42402

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...

7.3CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42404

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS6AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago3 views

EUVD-2025-210442

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS6AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42411

Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service...

5.5CVSS5.9AI score
Exploits0References6
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42416

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42418

pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

4.7CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42423

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42379

Relative path traversal vulnerability in Progress MOVEit Transfer Admin Settings module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

4.5CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42384

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-42381

Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer HTTPS module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

3.7CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42419

FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42367

Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, allowing a low-privileged organization member to obtain another user's vault key and a victim-scoped access token by creating a Trusted Device Encryptio...

9.3CVSS6AI score
Exploits0References6
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42385

Path equivalence: vulnerability in Progress MOVEit Transfer File Upload modules. This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4...

3.5CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42388

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service DoS condition or potentially execute arbitrary code by sending specially crafted...

9.2CVSS6.5AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42403

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

2.7CVSS6AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42410

Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42412

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42413

Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42417

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42415

DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

7.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42376

Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the filefetch function in the /gradioapi/file= endpoint. Attackers can cra...

7.4CVSS6AI score
Exploits0References6
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42377

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS6AI score
Exploits0References6
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42370

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

6.4CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42372

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS6AI score
Exploits0References5
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42373

Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, whi...

7.6CVSS6AI score
Exploits0References5
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42374

Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revokeaccess and undorevokeaccess actions without seller ownership...

7.1CVSS6.1AI score
Exploits0References6
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42382

A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...

6.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42346

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42349

HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on...

7.7CVSS6AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42345

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS6AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42442

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS
Exploits0References1
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42435

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS
Exploits0References1
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-42434

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS
Exploits0References2
EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-42077

Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE...

8.3CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42431

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...

6.5CVSS6AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42430

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42429

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS
Exploits0References3
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42428

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS
Exploits1References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42426

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

6.5CVSS6AI score
Exploits0References9
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42425

Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 10.7.0, Appium's base-driver unconditionally mounts the /test/guinea-pig, /test/guinea-pig-scrollable, and /test/guinea-pig-app-banner routes, and compileLodashTemplate...

6.5CVSS6.1AI score
Exploits0References1
Total number of security vulnerabilities418285