Lucene search
K

418590 matches found

EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42740

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...

5.3CVSS5.9AI score
Exploits0References9
EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-42739

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS6AI score
Exploits0References1
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42738

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

7.3CVSS5.8AI score
Exploits0References9
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42737

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...

5.3CVSS5.9AI score
Exploits0References9
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42736

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42735

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS6AI score
Exploits0References9
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42734

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...

5.4CVSS5.8AI score
Exploits0References9
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42733

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content...

7.4CVSS6AI score
Exploits0References9
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42732

A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been published and may be used. The pull request to fix this...

4.8CVSS5.3AI score
Exploits0References7
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42731

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pullhotlinkedimages when an attacker knew the secured upload URL and the secureuploads site setting was enabled. This issue is fixed in versions 2026.6.0,...

6.3CVSS5.8AI score
Exploits0References9
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42730

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...

6.3CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42729

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

6.5CVSS5.9AI score
Exploits0References9
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42728

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS6AI score
Exploits0References9
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42727

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pullparser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public an...

4.8CVSS5.5AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42700

An Out-of-bounds Write vulnerability in the SNMP daemon snmpd of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd proces...

5.3CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42689

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected...

8.7CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-42688

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42699

An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit evo-aftmand of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated network-based attacker generating continuous routing updates, resulting in unilist ECMP routes, to cras...

8.2CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42694

Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. Th...

5.4CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42691

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42690

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-42692

A weakness has been identified in D-link DIR-823G 1.0.2B0520181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The...

7.7CVSS6.4AI score
Exploits0References7
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42701

An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS.Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for...

7.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42702

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service DoS...

7.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42672

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this...

8.7CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42678

An authentication bypass vulnerability in Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS software allows an attacker with network access to bypass security restrictions and establish an unauthorized site-to-site VPN connection. Panorama, Cloud NGFW, and Prisma® Access are not...

7.8CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42676

A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...

7CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42686

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6AI score
Exploits0References9
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42675

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42679

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42680

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...

5.9CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42682

Multiple cross site scripting vulnerabilities in the User-ID™ Authentication Portal aka Captive Portal service, GlobalProtect™ gateway/portal features and Clientless VPN of Palo Alto Networks PAN-OS® software enables a malicious unauthenticated user to store or execute malicious JavaScript payloa...

5.3CVSS5.4AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42677

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42681

An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to bypass firewall security policy enforcement, allowing network traffic that should be blocked to reach protected services. Cloud NGFW and Panorama are not impacted...

6.3CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2025-210448

Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...

7.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42726

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42725

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185RT10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege...

7.7CVSS6.3AI score
Exploits0References12
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42724

A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is...

6.9CVSS6AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42722

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.8AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42721

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42720

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global SessionStore accepts caller-supplied sessionid values without binding them to any authenticated principal or transport session. An attacker can enumerate active session I...

8.6CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42719

A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. As part of the stateful...

8.2CVSS6AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42718

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS6AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42717

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago7 views

EUVD-2026-38358

pypdf: Possible infinite loop when processing threads/articles in writer...

6.9CVSS5.9AI score0.00111EPSS
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42716

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internall...

7.3CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42715

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service DoS.When sFlow is configured in a Virtual Chassis VC scenario...

7.1CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42714

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS.If the SIP ALG is enabled on an affected device, the...

8.7CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42713

A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service DoS. On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific...

6.8CVSS6AI score
Exploits0References1
Total number of security vulnerabilities418590