Lucene search
K

417990 matches found

EUVD
EUVD
•added 2026/06/19 7:34 p.m.•8 views

EUVD-2026-38075

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS5.8AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 7:28 p.m.•6 views

EUVD-2026-38074

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10CVSS5.8AI score0.00185EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 7:27 p.m.•6 views

EUVD-2026-38073

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and...

9.8CVSS6AI score0.00358EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 7:23 p.m.•6 views

EUVD-2026-38072

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS6.1AI score0.0054EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/19 7:21 p.m.•8 views

EUVD-2026-38071

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

7.1CVSS5.8AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/19 7:18 p.m.•7 views

EUVD-2026-38070

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...

7.7CVSS6.1AI score0.00203EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 7:2 p.m.•9 views

EUVD-2026-38066

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

6.5CVSS5.9AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/19 6:49 p.m.•7 views

EUVD-2026-38065

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 6:45 p.m.•9 views

EUVD-2026-38064

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

8.9CVSS7AI score0.00633EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 6:32 p.m.•8 views

EUVD-2026-38063

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers ...

5.3CVSS6AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 5:52 p.m.•7 views

EUVD-2023-60592

Joomla combooking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=combooking,...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:48 p.m.•6 views

EUVD-2019-20198

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=comjpprojects&view=projects&tmpl=component&format=js...

8.7CVSS5.9AI score0.00442EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:45 p.m.•5 views

EUVD-2019-20197

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the dealid parameter. Attackers can send GET requests to index.php with option=comjoomcrm&view=contacts and inject SQL...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:42 p.m.•5 views

EUVD-2019-20196

Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to comeasyshop, task set to...

6.9CVSS6AI score0.00426EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:38 p.m.•5 views

EUVD-2019-20195

Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array valu...

7.1CVSS6.3AI score0.00221EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:35 p.m.•5 views

EUVD-2019-20194

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:31 p.m.•5 views

EUVD-2019-20193

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:31 p.m.•6 views

EUVD-2026-38056

Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC CDLC. Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction directory by supplying a...

9.4CVSS6.7AI score0.00568EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:28 p.m.•6 views

EUVD-2019-20192

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:25 p.m.•5 views

EUVD-2019-20191

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:21 p.m.•6 views

EUVD-2019-20190

Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:18 p.m.•6 views

EUVD-2019-20189

Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=comvmap&task=loadmarker parameters...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:16 p.m.•7 views

EUVD-2026-38055

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/19 5:15 p.m.•4 views

EUVD-2019-20188

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:11 p.m.•5 views

EUVD-2019-20187

Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:8 p.m.•6 views

EUVD-2019-20186

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:5 p.m.•6 views

EUVD-2019-20185

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guestadult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL payloads in the guestadu...

7.1CVSS6.3AI score0.00221EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 5:1 p.m.•5 views

EUVD-2019-20184

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the...

8.8CVSS6.3AI score0.00296EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:58 p.m.•6 views

EUVD-2017-19009

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

8.8CVSS6AI score0.00267EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 4:54 p.m.•5 views

EUVD-2017-19008

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=comextrasearch parameter and...

8.8CVSS6AI score0.00267EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 4:51 p.m.•4 views

EUVD-2017-19007

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:48 p.m.•9 views

EUVD-2017-19006

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the makepayment task to extract sensitive...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:44 p.m.•5 views

EUVD-2017-19005

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:41 p.m.•8 views

EUVD-2017-19004

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS6AI score0.00253EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:38 p.m.•4 views

EUVD-2017-19003

Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=comsimgenealogy, view=latest parameters...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:34 p.m.•4 views

EUVD-2017-19002

Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comphpbridge&view=phpview parameters and...

8.8CVSS6.2AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:31 p.m.•4 views

EUVD-2017-19001

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•6 views

EUVD-2026-38047

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.1CVSS6.7AI score0.00399EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•5 views

EUVD-2026-38046

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows setting a spatiallayerid exceeding the configured number of layers. This causes an out-of-bounds heap rea...

7.1CVSS5.8AI score0.00245EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•6 views

EUVD-2026-38045

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•5 views

EUVD-2026-38044

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6AI score0.00272EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•5 views

EUVD-2017-19000

Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:24 p.m.•5 views

EUVD-2017-18999

Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sfselectuserid parameter. Attackers can send GET requests to index.php with the option=comupl and...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:23 p.m.•31 views

EUVD-2026-38043

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

7.8CVSS7AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:23 p.m.•7 views

EUVD-2026-38042

An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition...

5.5CVSS5.9AI score0.00102EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:21 p.m.•6 views

EUVD-2017-18998

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:17 p.m.•5 views

EUVD-2017-18997

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:14 p.m.•5 views

EUVD-2017-18996

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:11 p.m.•5 views

EUVD-2017-18995

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:7 p.m.•4 views

EUVD-2017-18994

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the categoryid parameter. Attackers can send GET requests to the events view with malicious SQL code in the categoryid parameter to extract sensiti...

8.8CVSS6AI score0.00334EPSS
Exploits0References4
Total number of security vulnerabilities417990