Lucene search
K

418117 matches found

EUVD
EUVD
added 2026/06/17 7:59 p.m.11 views

EUVD-2026-37790

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS5.5AI score0.00439EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 7:48 p.m.12 views

EUVD-2026-37789

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS5.5AI score0.00439EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 7:48 p.m.10 views

EUVD-2026-37788

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

5.3CVSS5.2AI score0.00213EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 7:13 p.m.13 views

EUVD-2026-37786

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 7:8 p.m.11 views

EUVD-2026-37785

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

7.4CVSS5.4AI score0.00304EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 7:3 p.m.9 views

EUVD-2026-37784

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...

9.2CVSS5.8AI score0.00732EPSS
Exploits10References3
EUVD
EUVD
added 2026/06/17 7:1 p.m.11 views

EUVD-2026-37783

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS5.2AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:44 p.m.11 views

EUVD-2026-37782

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS5.3AI score0.00408EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/17 6:43 p.m.9 views

EUVD-2026-37781

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...

7.5CVSS5.4AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37646

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

7.2CVSS5.3AI score0.00151EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37715

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

7.7CVSS5.2AI score0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210263

Unauthenticated Local File Inclusion in Granola = 1.13 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2025-210260

Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...

7.1CVSS5.1AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210259

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS5.3AI score0.00482EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210254

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210252

Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210261

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210255

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210262

Unauthenticated Local File Inclusion in Gamic = 1.15 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210256

Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210251

Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2025-210257

Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2025-210258

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2025-210250

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

9.3CVSS5.7AI score0.00383EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37559

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37563

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.5AI score0.00193EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210253

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2025-210249

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS5.2AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37562

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...

6.4CVSS5.6AI score0.00269EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37558

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

5.3CVSS5.3AI score0.00424EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37647

Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37633

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37638

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS5.2AI score0.00381EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37640

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

7.6CVSS5.2AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.5 views

EUVD-2026-37636

Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37635

Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...

7.1CVSS5.2AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37628

Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...

9.8CVSS5.4AI score0.00466EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37643

Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37629

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

8.2CVSS5.3AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37644

Unauthenticated SQL Injection in WP eMember v10.9.4 versions...

9.3CVSS5.8AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.15 views

EUVD-2026-37642

Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...

9.8CVSS5.4AI score0.00588EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37634

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37637

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS5.2AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37557

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37631

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

9.3CVSS5.8AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37627

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...

9CVSS5.2AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37625

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37641

Subscriber Privilege Escalation in Falang multilanguage = 1.4.2 versions...

8.8CVSS5.2AI score0.00389EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37553

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

8.6CVSS7.6AI score0.01786EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37556

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

5.9CVSS5.3AI score0.0014EPSS
Exploits0References2
Total number of security vulnerabilities418117