418024 matches found
EUVD-2026-37965
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...
EUVD-2026-37966
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...
EUVD-2026-37955
Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass...
EUVD-2026-37946
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
EUVD-2026-37957
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...
EUVD-2026-37956
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...
EUVD-2026-37963
SQL injection in pgAdmin 4 across every dialog template that renders COMMENT ON ... IS '' for a user-supplied description field. The Jinja templates for Domains and their constraints, Foreign Tables, Languages, and Event Triggers, plus the Views OID-lookup query, interpolated the description...
EUVD-2026-37959
PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...
EUVD-2026-37962
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...
EUVD-2026-37960
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: headers, combined with Starlette's...
EUVD-2026-37961
PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...
EUVD-2026-37947
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network...
EUVD-2026-37958
PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...
EUVD-2026-37952
Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...
EUVD-2026-37945
Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network...
EUVD-2026-38051
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter...
EUVD-2026-38052
In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution...
EUVD-2026-38049
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter...
EUVD-2026-38050
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter...
EUVD-2025-210287
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...
EUVD-2026-37953
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...
EUVD-2026-37949
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...
EUVD-2026-4492
gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting CVE-2026-0755...
EUVD-2026-37156
OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state...
EUVD-2026-37154
OpenClaw: Empty-scope device re-pairing could confuse caller scope containment...
EUVD-2026-37167
OpenClaw: Workspace-derived service PATH could influence trash command selection...
EUVD-2026-37160
OpenClaw: Workspace .env STATEDIRECTORY could influence bundled runtime dependency roots...
EUVD-2026-37151
OpenClaw: Discord allowFrom could bind to mutable display names...
EUVD-2026-37152
OpenClaw: Focus command could miss controlScope enforcement...
EUVD-2026-37148
OpenClaw: Workspace .env npmexecpath could influence bundled runtime dependency install...
EUVD-2026-37155
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns...
EUVD-2026-37162
OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers...
EUVD-2026-37948
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...
EUVD-2026-37146
OpenClaw: memory-wiki shared search could miss session visibility checks...
EUVD-2026-37158
OpenClaw: Config recovery could restore openclaw.json with broad file permissions...
EUVD-2026-37944
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer overflow when decoding a crafted...
EUVD-2025-210285
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
EUVD-2026-37159
OpenClaw: Zalo allowFrom could bind to mutable display names...
EUVD-2026-37147
OpenClaw: Skill-command dispatch could skip before-tool-call hooks...
EUVD-2026-37149
OpenClaw: Active Memory write scope could mutate global config...
EUVD-2026-37143
OpenClaw: Exported session HTML could keep unsafe markdown links...
EUVD-2026-37153
OpenClaw: Slack reaction events could ignore reaction notification settings...
EUVD-2026-37164
OpenClaw: Bootstrap token replay could widen pending pairing scopes...
EUVD-2026-37157
OpenClaw: Shell positional parameters could weaken strict inline-eval checks...
EUVD-2026-37161
OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently...
EUVD-2026-37150
OpenClaw: Exec allowlist could miss side effects from transparent command wrappers...
EUVD-2026-37942
OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...
EUVD-2026-37941
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...
EUVD-2026-37940
Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...
EUVD-2026-37939
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...