Lucene search
K

418024 matches found

EUVD
EUVD
added 2026/06/19 12:31 a.m.11 views

EUVD-2026-37965

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

9.4CVSS6.9AI score0.00482EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 12:31 a.m.9 views

EUVD-2026-37966

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...

9.5CVSS6.7AI score0.0071EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 12:31 a.m.10 views

EUVD-2026-37955

Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass...

9.4CVSS5.2AI score0.00401EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 12:31 a.m.11 views

EUVD-2026-37946

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...

9.8CVSS5.3AI score0.00578EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 12:31 a.m.13 views

EUVD-2026-37957

Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.2AI score0.0057EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 12:31 a.m.9 views

EUVD-2026-37956

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

5.1CVSS5.2AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 12:31 a.m.8 views

EUVD-2026-37963

SQL injection in pgAdmin 4 across every dialog template that renders COMMENT ON ... IS '' for a user-supplied description field. The Jinja templates for Domains and their constraints, Foreign Tables, Languages, and Event Triggers, plus the Views OID-lookup query, interpolated the description...

8.8CVSS5.9AI score0.00489EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 12:31 a.m.9 views

EUVD-2026-37959

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 12:31 a.m.8 views

EUVD-2026-37962

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...

8.8CVSS5.6AI score0.00687EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 12:31 a.m.8 views

EUVD-2026-37960

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: headers, combined with Starlette's...

8.6CVSS5.8AI score0.00504EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 12:31 a.m.8 views

EUVD-2026-37961

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS5.2AI score0.00256EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 12:31 a.m.10 views

EUVD-2026-37947

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.3AI score0.00426EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 12:31 a.m.10 views

EUVD-2026-37958

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

6.8CVSS5.3AI score0.00116EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 12:31 a.m.9 views

EUVD-2026-37952

Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS5.4AI score0.00177EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 12:31 a.m.9 views

EUVD-2026-37945

Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...

7.7CVSS5.3AI score0.00411EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 12:0 a.m.8 views

EUVD-2026-38051

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter...

6.2AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 12:0 a.m.6 views

EUVD-2026-38052

In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution...

6.5AI score0.00561EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 12:0 a.m.8 views

EUVD-2026-38049

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter...

6.2AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 12:0 a.m.5 views

EUVD-2026-38050

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter...

6.2AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 12:0 a.m.9 views

EUVD-2025-210287

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...

6AI score0.00823EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/18 9:9 p.m.8 views

EUVD-2026-37953

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...

7.7CVSS5.3AI score0.00349EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 8:47 p.m.7 views

EUVD-2026-37949

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

7.6CVSS5.3AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 8:44 p.m.9 views

EUVD-2026-4492

gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting CVE-2026-0755...

9.8CVSS8.7AI score0.03336EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:44 p.m.11 views

EUVD-2026-37156

OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state...

6.5CVSS5.2AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:42 p.m.11 views

EUVD-2026-37154

OpenClaw: Empty-scope device re-pairing could confuse caller scope containment...

5.4CVSS5.2AI score0.00206EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:41 p.m.13 views

EUVD-2026-37167

OpenClaw: Workspace-derived service PATH could influence trash command selection...

7.2CVSS5.2AI score0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:39 p.m.12 views

EUVD-2026-37160

OpenClaw: Workspace .env STATEDIRECTORY could influence bundled runtime dependency roots...

7.1CVSS5.2AI score0.00124EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:36 p.m.11 views

EUVD-2026-37151

OpenClaw: Discord allowFrom could bind to mutable display names...

8.6CVSS5.2AI score0.00267EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:34 p.m.7 views

EUVD-2026-37152

OpenClaw: Focus command could miss controlScope enforcement...

6.8CVSS5.2AI score0.00093EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:33 p.m.10 views

EUVD-2026-37148

OpenClaw: Workspace .env npmexecpath could influence bundled runtime dependency install...

7.1CVSS5.2AI score0.00118EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:33 p.m.9 views

EUVD-2026-37155

OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns...

8.3CVSS5.2AI score0.00347EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:32 p.m.11 views

EUVD-2026-37162

OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers...

5.4CVSS5.2AI score0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:31 p.m.10 views

EUVD-2026-37948

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS5.6AI score0.00263EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/18 8:31 p.m.8 views

EUVD-2026-37146

OpenClaw: memory-wiki shared search could miss session visibility checks...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:29 p.m.11 views

EUVD-2026-37158

OpenClaw: Config recovery could restore openclaw.json with broad file permissions...

5.7CVSS5.2AI score0.00094EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:20 p.m.8 views

EUVD-2026-37944

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer overflow when decoding a crafted...

6.1CVSS5.2AI score0.00199EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/18 8:18 p.m.10 views

EUVD-2025-210285

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS5.4AI score0.00267EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 8:17 p.m.10 views

EUVD-2026-37159

OpenClaw: Zalo allowFrom could bind to mutable display names...

8.6CVSS5.2AI score0.00225EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:16 p.m.9 views

EUVD-2026-37147

OpenClaw: Skill-command dispatch could skip before-tool-call hooks...

4.3CVSS5.2AI score0.00185EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:15 p.m.12 views

EUVD-2026-37149

OpenClaw: Active Memory write scope could mutate global config...

5.4CVSS5.2AI score0.00176EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:14 p.m.10 views

EUVD-2026-37143

OpenClaw: Exported session HTML could keep unsafe markdown links...

6.1CVSS5.2AI score0.00188EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:13 p.m.11 views

EUVD-2026-37153

OpenClaw: Slack reaction events could ignore reaction notification settings...

6.3CVSS5.2AI score0.00191EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:12 p.m.11 views

EUVD-2026-37164

OpenClaw: Bootstrap token replay could widen pending pairing scopes...

5.4CVSS5.2AI score0.00088EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:12 p.m.12 views

EUVD-2026-37157

OpenClaw: Shell positional parameters could weaken strict inline-eval checks...

8.1CVSS5.2AI score0.0026EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:11 p.m.10 views

EUVD-2026-37161

OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 8:10 p.m.10 views

EUVD-2026-37150

OpenClaw: Exec allowlist could miss side effects from transparent command wrappers...

4.3CVSS5.2AI score0.00185EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 7:54 p.m.8 views

EUVD-2026-37942

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.8CVSS7.9AI score0.12163EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 7:44 p.m.13 views

EUVD-2026-37941

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS5.6AI score0.0045EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/18 7:39 p.m.10 views

EUVD-2026-37940

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 7:33 p.m.10 views

EUVD-2026-37939

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS4.8AI score0.00141EPSS
Exploits0References2
Total number of security vulnerabilities418024