Lucene search
K

418343 matches found

EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42456

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42492

A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /editfooditems.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS6.8AI score
Exploits0References7
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42455

Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42478

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42490

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS6.9AI score
Exploits0References7
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42491

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS6AI score
Exploits0References2
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42477

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•6 views

EUVD-2026-42479

Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42457

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•6 views

EUVD-2026-42460

Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42458

Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.8AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•2 views

EUVD-2026-42454

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42488

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42487

Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42481

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42480

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•2 views

EUVD-2026-42451

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42450

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42442

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS5.9AI score
Exploits0References2
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42489

Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42485

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42468

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS5.5AI score
Exploits0References8
EUVD
EUVD
•added 3 hours ago•2 views

EUVD-2026-42459

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.3AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42452

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42449

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•6 views

EUVD-2026-42445

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score
Exploits0References2
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42483

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42476

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•3 views

EUVD-2026-42448

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42482

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42486

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•5 views

EUVD-2026-42484

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•4 views

EUVD-2026-42453

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•3 views

EUVD-2026-42435

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.3AI score
Exploits0References2
EUVD
EUVD
•added 3 hours ago•3 views

EUVD-2026-42446

BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure...

2.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
•added 3 hours ago•2 views

EUVD-2026-42494

A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function validatefilepath of the file mcptexteditor/texteditor.py. Such manipulation of the argument filepath leads to path traversal. The attack can be launched remotely. The exploit has been...

7.5CVSS6.2AI score
Exploits0References6
EUVD
EUVD
•added 3 hours ago•6 views

EUVD-2026-42493

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS6.9AI score
Exploits0References6
EUVD
EUVD
•added yesterday•2 views

EUVD-2026-42475

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS6.1AI score
Exploits0References4
EUVD
EUVD
•added yesterday•3 views

EUVD-2026-42474

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load attempt torch.load..., weightsonly=True but fall back to torch.load...,...

7.5CVSS6.3AI score
Exploits0References4
EUVD
EUVD
•added yesterday•3 views

EUVD-2026-42473

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS6AI score
Exploits0References6
EUVD
EUVD
•added yesterday•3 views

EUVD-2026-42472

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom...

7.4CVSS5.9AI score
Exploits0References6
EUVD
EUVD
•added yesterday•3 views

EUVD-2026-42471

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...

7.4CVSS6AI score
Exploits0References4
EUVD
EUVD
•added yesterday•4 views

EUVD-2026-42470

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509...

7.4CVSS5.9AI score
Exploits0References6
EUVD
EUVD
•added yesterday•4 views

EUVD-2026-42469

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with...

7.4CVSS6AI score
Exploits0References6
EUVD
EUVD
•added yesterday•4 views

EUVD-2026-42467

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS5.9AI score
Exploits0References6
EUVD
EUVD
•added yesterday•4 views

EUVD-2026-42466

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS6AI score
Exploits0References6
EUVD
EUVD
•added yesterday•2 views

EUVD-2026-42465

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to...

6.2CVSS6AI score
Exploits0References6
EUVD
EUVD
•added yesterday•4 views

EUVD-2026-42464

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS6AI score
Exploits0References6
EUVD
EUVD
•added yesterday•3 views

EUVD-2026-42463

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captur...

5.9CVSS5.9AI score
Exploits0References6
EUVD
EUVD
•added yesterday•4 views

EUVD-2026-42462

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF...

7.5CVSS6AI score
Exploits0References6
Total number of security vulnerabilities418343