Lucene search
K

418058 matches found

EUVD
EUVD
added 2026/06/19 2:16 p.m.8 views

EUVD-2021-34851

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service...

8.5CVSS5.8AI score0.00115EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:16 p.m.6 views

EUVD-2020-31254

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts...

8.5CVSS5.8AI score0.00109EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 2:16 p.m.8 views

EUVD-2020-31253

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with...

8.5CVSS6.2AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:16 p.m.7 views

EUVD-2020-31252

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service...

8.5CVSS6.2AI score0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:16 p.m.9 views

EUVD-2020-31251

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during servi...

8.5CVSS6.2AI score0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:16 p.m.8 views

EUVD-2019-20183

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 2:16 p.m.8 views

EUVD-2016-10908

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files...

8.5CVSS6.2AI score0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:16 p.m.6 views

EUVD-2016-10907

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...

8.5CVSS6.2AI score0.00181EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/19 2:16 p.m.8 views

EUVD-2016-10906

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 2:16 p.m.7 views

EUVD-2016-10905

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 2:16 p.m.7 views

EUVD-2016-10904

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with...

8.5CVSS5.9AI score0.00113EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:16 p.m.6 views

EUVD-2016-10903

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...

8.5CVSS6.2AI score0.00122EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/19 2:16 p.m.8 views

EUVD-2016-10901

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/19 2:16 p.m.7 views

EUVD-2016-10902

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

8.5CVSS6.2AI score0.00122EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 2:16 p.m.6 views

EUVD-2016-10900

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 2:16 p.m.6 views

EUVD-2016-10899

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackupwebServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem...

8.5CVSS6AI score0.00114EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 2:16 p.m.12 views

EUVD-2016-10898

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute...

8.5CVSS6AI score0.00114EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 2:0 p.m.7 views

EUVD-2026-38037

In the Linux kernel, the following vulnerability has been resolved: RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...

5.7AI score0.00129EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/19 1:48 p.m.5 views

EUVD-2026-38032

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:41 p.m.10 views

EUVD-2026-38031

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-si...

8.6CVSS6.2AI score0.01098EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:41 p.m.7 views

EUVD-2026-38030

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

9.3CVSS5.9AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:37 p.m.8 views

EUVD-2026-38029

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions...

6CVSS5.8AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:34 p.m.15 views

EUVD-2026-37787

Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests...

9.1CVSS5.8AI score0.00297EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 1:32 p.m.9 views

EUVD-2026-38028

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message...

7.1CVSS5.8AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:22 p.m.8 views

EUVD-2026-38027

There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:19 p.m.9 views

EUVD-2026-38026

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

5.3CVSS5.9AI score0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:18 p.m.12 views

EUVD-2026-38025

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

2.1CVSS5.9AI score0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:17 p.m.8 views

EUVD-2026-38024

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

6.3CVSS5.8AI score0.0043EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:16 p.m.8 views

EUVD-2026-38023

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade t...

2.1CVSS5.8AI score0.00409EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:16 p.m.9 views

EUVD-2026-38022

There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:15 p.m.10 views

EUVD-2026-38021

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:14 p.m.8 views

EUVD-2026-38020

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

2.3CVSS5.9AI score0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:13 p.m.23 views

EUVD-2026-38019

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:12 p.m.9 views

EUVD-2026-38018

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0,...

2.1CVSS5.8AI score0.004EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:11 p.m.8 views

EUVD-2026-38017

Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity headers allowing the attacker to get unauthorized access the protected resources. This issue affect...

5.3CVSS5.8AI score0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:10 p.m.8 views

EUVD-2026-38015

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:9 p.m.9 views

EUVD-2026-38014

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS5.8AI score0.00314EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:7 p.m.9 views

EUVD-2026-38013

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...

7CVSS5.9AI score0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:5 p.m.8 views

EUVD-2026-38012

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

9.3CVSS6.3AI score0.00549EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:4 p.m.9 views

EUVD-2026-38011

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

5.8CVSS5.8AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 12:59 p.m.10 views

EUVD-2026-38010

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level...

8.7CVSS5.7AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 11:49 a.m.8 views

EUVD-2026-38008

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...

10CVSS5.8AI score0.00416EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 11:49 a.m.10 views

EUVD-2026-38007

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 11:49 a.m.8 views

EUVD-2026-38006

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible...

9.8CVSS5.8AI score0.00365EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 11:49 a.m.9 views

EUVD-2026-38005

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration...

7.1CVSS6.5AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 10:55 a.m.8 views

EUVD-2026-38004

A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decodemove function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by...

6.5CVSS6AI score0.00245EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 9:28 a.m.11 views

EUVD-2026-38002

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource memory page managed by a CPU thread of control driver and accessed by a GPU thread of control Firmware can caus...

5.8AI score0.0011EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 9:23 a.m.9 views

EUVD-2026-38001

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not...

5.8AI score0.0011EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 9:23 a.m.10 views

EUVD-2026-38000

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts...

5.6CVSS5.8AI score0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 8:27 a.m.9 views

EUVD-2026-37999

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fxfileclose even when the file was never successfully opened. Multiple error branches jump to t...

7.5CVSS7.2AI score0.00697EPSS
Exploits0References1
Total number of security vulnerabilities418058