Lucene search
K

419337 matches found

EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-43489

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces...

6.5CVSS
Exploits0References2
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-43488

A security vulnerability has been detected in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/deletemp.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

6.5CVSS
Exploits0References6
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-43487

Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution RCE vulnerability. The flaw is located in the endpoint “/index.cfm/api/json/v1/default”, where the “method” parameter in POST requests is not properly validated or sanitised before being processed by the ColdFusion...

5.1CVSS
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43341

Mattermost versions 11.7.x = 11.7.1, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict metric configuration changes to the playbook being saved, which allows an authenticated user with team access to alter another user’s playbook metric settings via a crafted import or update request with a...

4.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43340

Mattermost versions 11.7.x = 11.7.2, 10.11.x = 10.11.19 fail to sanitize team objects returned by the scheme teams endpoint, which allows a user with the User Manager role to obtain invite links for private teams and use them to join or share access to those teams via the scheme teams API...

3.8CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-43339

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to check the managesharedchannels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash...

4.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43338

A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tena...

9.4CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43337

Stored Cross-Site Scripting XSS vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’ parameter of the initialization process due to improper sanitization of user input. The vulnerability is not limited to self-exploitation: when a support agent joins the...

5.1CVSS6.3AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43336

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS6.4AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-43305

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

5.9CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43309

A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly...

9CVSS6.7AI score
Exploits0References6
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43310

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score
Exploits0References3
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43313

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload tha...

6.5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43314

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...

6.5CVSS6.3AI score
Exploits0References6
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43308

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...

4.9CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43306

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43315

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...

5.4CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-43317

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS6.4AI score
Exploits0References6
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43301

A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used...

9CVSS7.3AI score
Exploits0References7
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43302

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS...

8.7CVSS6.1AI score
Exploits1References2
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-43316

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS6.4AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43297

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43299

A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this iss...

7.5CVSS6.5AI score
Exploits0References8
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43304

A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has be...

9CVSS7.4AI score
Exploits0References6
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43303

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion...

8.8CVSS6.2AI score
Exploits1References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43307

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...

4.3CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43311

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...

5.4CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43312

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...

6.5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43335

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the...

4.5CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43281

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and mig...

6.5CVSS6.5AI score
Exploits0References7
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-43282

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS6.8AI score
Exploits0References7
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-43286

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...

6.2AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43288

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

6.2AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43290

The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...

6.2AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43291

The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level self-registerable account to approve, feature, or reject arbitrary jobs, including those owned by other user...

6.2AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43294

A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be...

6.5CVSS6.4AI score
Exploits0References8
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-43295

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS5.7AI score
Exploits0References7
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43296

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...

5.3CVSS5.9AI score
Exploits0References7
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-43283

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

6.2AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43284

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43285

The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without...

6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43287

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43289

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...

6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43293

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

6.2AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43300

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43298

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS6.6AI score
Exploits0References8
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-43292

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level self-registerable account to read other employers' private account email addresses by enumerating job...

6.1AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43334

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS6.7AI score
Exploits0References6
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43333

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43332

Various sensitive information such as passwords and charging card UIDs are written to log files...

9.2CVSS6.1AI score
Exploits0References1
Total number of security vulnerabilities419337