Lucene search
K

418004 matches found

EUVD
EUVD
added 2026/06/22 4:36 p.m.6 views

EUVD-2026-38313

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 4:34 p.m.7 views

EUVD-2026-38312

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

6.9CVSS5.8AI score0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 4:33 p.m.7 views

EUVD-2026-38311

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 4:32 p.m.7 views

EUVD-2026-38310

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 4:31 p.m.6 views

EUVD-2026-38309

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 4:30 p.m.6 views

EUVD-2026-38308

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

6.9CVSS5.9AI score0.00301EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 4:23 p.m.5 views

EUVD-2026-38307

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 4:21 p.m.7 views

EUVD-2026-38306

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversio...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 4:19 p.m.5 views

EUVD-2026-38305

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 4:16 p.m.6 views

EUVD-2026-38304

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.7CVSS6.2AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 4:10 p.m.6 views

EUVD-2026-38303

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS5.9AI score0.00393EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/22 4:7 p.m.6 views

EUVD-2026-38302

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is...

3.2CVSS6AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:58 p.m.6 views

EUVD-2026-38301

The Advanced Linux Sound Architecture ALSA library before 1.2.16.1 contains a double-free vulnerability in parsedef in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parsedef...

7CVSS5.9AI score0.00138EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/22 3:58 p.m.6 views

EUVD-2026-38300

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request...

6.9CVSS5.9AI score0.0034EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/22 3:54 p.m.16 views

EUVD-2026-38299

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...

5.5CVSS6AI score0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:49 p.m.9 views

EUVD-2026-38298

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:43 p.m.7 views

EUVD-2026-38297

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

9.5CVSS6AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:42 p.m.6 views

EUVD-2026-38296

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS5.9AI score0.0015EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:41 p.m.6 views

EUVD-2026-38295

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS5.9AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:40 p.m.8 views

EUVD-2026-38294

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...

8.8CVSS5.9AI score0.0021EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:39 p.m.9 views

EUVD-2026-38293

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...

8.8CVSS6.1AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:39 p.m.7 views

EUVD-2026-38292

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The...

8.2CVSS5.8AI score0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:38 p.m.7 views

EUVD-2026-38291

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS5.9AI score0.00228EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:37 p.m.6 views

EUVD-2026-38290

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

4.8CVSS6AI score0.00321EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:37 p.m.7 views

EUVD-2026-38289

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS6AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:32 p.m.6 views

EUVD-2026-38275

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:32 p.m.8 views

EUVD-2026-38274

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS6AI score0.00226EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:31 p.m.9 views

EUVD-2026-38273

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function,...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:31 p.m.6 views

EUVD-2026-38272

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:30 p.m.11 views

EUVD-2026-38271

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS5.9AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:30 p.m.7 views

EUVD-2026-38270

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:28 p.m.7 views

EUVD-2026-38269

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:27 p.m.6 views

EUVD-2026-38268

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:25 p.m.6 views

EUVD-2026-38267

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS5.9AI score0.0015EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:21 p.m.9 views

EUVD-2026-38266

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.3CVSS5.8AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:21 p.m.7 views

EUVD-2026-38265

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:20 p.m.10 views

EUVD-2026-38264

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS5.9AI score0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:20 p.m.7 views

EUVD-2026-38263

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...

7.3CVSS5.9AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:20 p.m.8 views

EUVD-2026-38262

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...

6.9CVSS5.9AI score0.00364EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:18 p.m.6 views

EUVD-2026-38261

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component...

5.3CVSS6AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:18 p.m.6 views

EUVD-2026-38260

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 3:16 p.m.6 views

EUVD-2026-38259

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user...

8.1CVSS5.9AI score0.00136EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:16 p.m.9 views

EUVD-2026-38258

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace configurations...

8.7CVSS5.9AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:11 p.m.7 views

EUVD-2026-38257

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 2:59 p.m.6 views

EUVD-2026-38256

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/22 2:55 p.m.6 views

EUVD-2026-38255

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/22 2:53 p.m.7 views

EUVD-2026-38254

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

5.9CVSS5.9AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:47 p.m.8 views

EUVD-2026-38253

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS5.9AI score0.00314EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:46 p.m.7 views

EUVD-2026-38252

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...

7.4CVSS5.8AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:44 p.m.7 views

EUVD-2026-38251

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...

7.4CVSS5.9AI score0.00338EPSS
Exploits0References1
Total number of security vulnerabilities418004