Lucene search
K

418004 matches found

EUVD
EUVD
•added 2026/06/19 4:31 p.m.•4 views

EUVD-2017-19001

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•6 views

EUVD-2026-38047

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.1CVSS6.7AI score0.00399EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•5 views

EUVD-2026-38046

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows setting a spatiallayerid exceeding the configured number of layers. This causes an out-of-bounds heap rea...

7.1CVSS5.8AI score0.00245EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•6 views

EUVD-2026-38045

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•5 views

EUVD-2026-38044

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6AI score0.00272EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:28 p.m.•5 views

EUVD-2017-19000

Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:24 p.m.•5 views

EUVD-2017-18999

Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sfselectuserid parameter. Attackers can send GET requests to index.php with the option=comupl and...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:23 p.m.•31 views

EUVD-2026-38043

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

7.8CVSS7AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:23 p.m.•7 views

EUVD-2026-38042

An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition...

5.5CVSS5.9AI score0.00102EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:21 p.m.•6 views

EUVD-2017-18998

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 4:17 p.m.•5 views

EUVD-2017-18997

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=comtwitchtv and view paramete...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:14 p.m.•5 views

EUVD-2017-18996

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:11 p.m.•5 views

EUVD-2017-18995

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:7 p.m.•4 views

EUVD-2017-18994

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the categoryid parameter. Attackers can send GET requests to the events view with malicious SQL code in the categoryid parameter to extract sensiti...

8.8CVSS6AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:4 p.m.•5 views

EUVD-2017-18993

Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 4:1 p.m.•6 views

EUVD-2017-18992

Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comflipwall&task=click&wallid...

7.1CVSS6.2AI score0.00241EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:59 p.m.•5 views

EUVD-2026-38041

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

4.6CVSS5.8AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/19 3:57 p.m.•5 views

EUVD-2017-18991

Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comsponsorwall&task=click&wallid...

7.1CVSS6.2AI score0.00241EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:54 p.m.•6 views

EUVD-2017-18990

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comfocalpoint, view=location, a...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:53 p.m.•6 views

EUVD-2026-38040

Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 password reset form allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0...

5.3CVSS5.8AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/19 3:51 p.m.•4 views

EUVD-2017-18989

Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=comajaxquiz and view=ajaxquiz paramete...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:48 p.m.•6 views

EUVD-2026-38039

The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/19 3:47 p.m.•9 views

EUVD-2017-18988

Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:44 p.m.•4 views

EUVD-2017-18987

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:40 p.m.•5 views

EUVD-2017-18986

Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comosdownloads&view=item&id=SQL to extract sensiti...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:40 p.m.•7 views

EUVD-2026-38038

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

5.1CVSS5.8AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/19 3:37 p.m.•4 views

EUVD-2017-18985

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:34 p.m.•7 views

EUVD-2017-18984

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flagquestion task. Attackers can inject malicious SQL code via the stuquizid or flagquest parameters to manipulate database...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:30 p.m.•6 views

EUVD-2017-18983

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:27 p.m.•3 views

EUVD-2017-18982

Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:24 p.m.•5 views

EUVD-2017-18981

Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=comuserbench&view=detail&userid...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:20 p.m.•4 views

EUVD-2017-18980

Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extrac...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 3:17 p.m.•6 views

EUVD-2017-18979

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=comnge&view=config and inject malicious SQL code in the plname paramet...

8.8CVSS6.3AI score0.00323EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 2:50 p.m.•8 views

EUVD-2026-38035

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

6.3CVSS5.8AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/19 2:46 p.m.•9 views

EUVD-2026-37802

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK installpackages...

8.4CVSS5.8AI score0.00302EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 2:43 p.m.•8 views

EUVD-2026-38033

In the Linux kernel, the following vulnerability has been resolved: ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns fallback tunnel device ip6vti0. Other similar tunnel drivers like...

5.8AI score0.0012EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 2:43 p.m.•11 views

EUVD-2026-38034

In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...

5.7AI score0.00103EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/19 2:34 p.m.•9 views

EUVD-2026-37758

undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching...

3.7CVSS5.8AI score0.00248EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 2:22 p.m.•9 views

EUVD-2026-37747

undici WebSocket client vulnerable to denial of service via fragment count bypass...

7.5CVSS5.8AI score0.00641EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 2:21 p.m.•9 views

EUVD-2026-37764

undici vulnerable to HTTP header injection via Set-Cookie percent-decoding...

5.9CVSS5.8AI score0.00257EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 2:20 p.m.•10 views

EUVD-2026-37760

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 2:19 p.m.•17 views

EUVD-2026-37769

undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse...

3.7CVSS5.8AI score0.00228EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 2:16 p.m.•8 views

EUVD-2025-210288

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...

8.5CVSS6AI score0.00127EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 2:16 p.m.•7 views

EUVD-2023-60591

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 2:16 p.m.•7 views

EUVD-2022-56007

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem...

8.5CVSS6AI score0.00205EPSS
Exploits1References4
EUVD
EUVD
•added 2026/06/19 2:16 p.m.•7 views

EUVD-2020-31255

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot...

8.5CVSS6AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/19 2:16 p.m.•8 views

EUVD-2021-34851

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service...

8.5CVSS5.8AI score0.00115EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 2:16 p.m.•6 views

EUVD-2020-31254

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts...

8.5CVSS5.8AI score0.00109EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/19 2:16 p.m.•8 views

EUVD-2020-31253

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with...

8.5CVSS6.2AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/19 2:16 p.m.•7 views

EUVD-2020-31252

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service...

8.5CVSS6.2AI score0.00119EPSS
Exploits0References3
Total number of security vulnerabilities418004