Lucene search
K

418363 matches found

EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42505

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS7.3AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42506

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42518

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS6AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42517

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42516

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS7.2AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42515

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...

8.3CVSS7.4AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42514

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42513

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42510

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...

6AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42511

The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or...

5.9AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42509

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

6AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42512

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users to make the site fetch arbitrary URLs, including internal and private-network addresses, and read back...

5.9AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42508

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

6AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-42507

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS7.3AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42492

A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /editfooditems.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS6.8AI score
Exploits0References7
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42490

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS6.9AI score
Exploits0References7
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-42477

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-42455

Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42478

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42458

Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.8AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-42456

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago7 views

EUVD-2026-42479

Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago7 views

EUVD-2026-42460

Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42457

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-42491

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS6AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42468

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS5.5AI score
Exploits0References8
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42445

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42442

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-42489

Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-42481

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42480

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-42484

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42483

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42449

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42450

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42476

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42482

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-42485

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42451

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-42448

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago2 views

EUVD-2026-42459

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.3AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42488

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42487

Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42486

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-42452

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-42454

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42453

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-42504

An issue in Generic OEM UZ801v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk...

6.3AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-42503

In OpENer 2.3.0 commit 76b95cf, a resource exhaustion Denial of Service vulnerability exists in its network processing loop...

5.9AI score
Exploits0References3
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-42500

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

7.5AI score
Exploits0References3
Total number of security vulnerabilities418363