Lucene search
K

417990 matches found

EUVD
EUVD
added 2026/06/21 1:26 p.m.8 views

EUVD-2026-38165

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions...

6.8CVSS6AI score0.00134EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.5 views

EUVD-2025-210294

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS6.4AI score0.00338EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.8 views

EUVD-2026-38164

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...

7.1CVSS5.9AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.7 views

EUVD-2025-210293

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6AI score0.00276EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.7 views

EUVD-2025-210292

picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit in the reduce method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute...

7.6CVSS6.4AI score0.00418EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.5 views

EUVD-2025-210291

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils.configmodule.loadconfig function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...

8.1CVSS6.7AI score0.00397EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/21 10:0 a.m.9 views

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

8.1CVSS6AI score0.00315EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 9:30 a.m.6 views

EUVD-2026-38157

A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function loadopenapispecasync of the file litellm/proxy/experimental/mcpserver/openapitomcpgenerator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument specpath causes...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 9:15 a.m.8 views

EUVD-2026-38156

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function asyncprecallhook of the file enterprise/enterprisehooks/bannedkeywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack ma...

6.5CVSS6.1AI score0.00226EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 9:0 a.m.7 views

EUVD-2026-38155

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS6.2AI score0.00358EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 8:30 a.m.9 views

EUVD-2026-38154

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...

7.5CVSS6.7AI score0.00508EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 8:0 a.m.12 views

EUVD-2026-38153

A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument trouptablenav leads t...

5.8CVSS5.7AI score0.00206EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/21 7:45 a.m.10 views

EUVD-2026-38152

A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

6.5CVSS6.2AI score0.00237EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 7:30 a.m.9 views

EUVD-2026-38151

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5CVSS6AI score0.00242EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 7:15 a.m.8 views

EUVD-2026-38150

A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack...

8.5CVSS6.3AI score0.00113EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 7:0 a.m.10 views

EUVD-2026-38149

A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDANTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the...

8.5CVSS5.4AI score0.00113EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 6:18 a.m.10 views

EUVD-2026-38148

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

5.8AI score0.00362EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/21 6:0 a.m.12 views

EUVD-2026-38147

A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been...

8.5CVSS5.4AI score0.00109EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/21 5:45 a.m.9 views

EUVD-2026-38146

A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly...

8.5CVSS5.3AI score0.00112EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/21 5:30 a.m.9 views

EUVD-2026-38145

A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclose...

8.5CVSS5.3AI score0.00111EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 5:15 a.m.9 views

EUVD-2026-38144

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

8.5CVSS5.3AI score0.00113EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 5:0 a.m.9 views

EUVD-2026-38143

A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed ...

8.5CVSS5.2AI score0.00113EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 4:45 a.m.10 views

EUVD-2026-38142

A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS5.6AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 4:0 a.m.8 views

EUVD-2026-38141

A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. Th...

7.5CVSS5.7AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 3:45 a.m.9 views

EUVD-2026-38140

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function executewithmcpclient of the file litellm/proxy/experimental/mcpserver/restendpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side...

6.5CVSS6AI score0.00262EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 3:15 a.m.8 views

EUVD-2026-38139

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 2:0 a.m.9 views

EUVD-2026-38138

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 1:0 a.m.10 views

EUVD-2026-38137

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

5CVSS5.3AI score0.00288EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 12:15 a.m.8 views

EUVD-2026-38136

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/managementendpoints/keymanagementendpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/20 8:8 p.m.8 views

EUVD-2026-38135

GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization...

3.7CVSS5.8AI score0.00349EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/20 6:27 p.m.8 views

EUVD-2026-38134

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...

6.1CVSS5.7AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.9 views

EUVD-2026-38133

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credential...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.8 views

EUVD-2026-38132

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target usersid from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload wit...

9.2CVSS6AI score0.00295EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.8 views

EUVD-2026-38131

AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL validation and accepts requests to private IP ranges and cloud metadata...

6.8CVSS6AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.9 views

EUVD-2026-38130

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.10 views

EUVD-2026-38129

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.8CVSS6.1AI score0.00831EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.10 views

EUVD-2025-210290

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/20 4:43 p.m.11 views

EUVD-2026-38128

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS8.2AI score0.00874EPSS
Exploits3References1
EUVD
EUVD
added 2026/06/20 3:24 p.m.11 views

EUVD-2026-38127

Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmationurl parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting...

5.1CVSS6AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.8 views

EUVD-2026-38126

Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...

4.8CVSS5.9AI score0.00152EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38125

Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:appid endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38124

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.8 views

EUVD-2026-38122

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38123

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS6AI score0.00288EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38121

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded function using dynamic instrumentation to bypass biometric authenticati...

4.8CVSS5.9AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38119

Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...

6CVSS5.9AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38120

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.8 views

EUVD-2026-38118

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs,...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38117

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38116

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
Total number of security vulnerabilities417990