#euvd - Public Fediverse posts
Live and recent posts from across the Fediverse tagged #euvd, aggregated by home.social.
-
EUVD-2026-33030
Score: 6.5/10 (CVSS v3.1)
Product: Kibana, Kibana, Kibana
Vendor: Elastic
Updated: 2026-05-28
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization ch...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33030
-
EUVD-2026-33031
Score: 6.5/10 (CVSS v3.1)
Product: Kibana, Kibana
Vendor: Elastic
Updated: 2026-05-28
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a speci...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33031
-
EUVD-2026-33032
Score: 7.7/10 (CVSS v3.1)
Product: Kibana, Kibana
Vendor: Elastic
Updated: 2026-05-28
Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kib...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33032
-
EUVD-2026-33033
Score: 7.2/10 (CVSS v3.1)
Product: Kibana, Kibana, Kibana
Vendor: Elastic
Updated: 2026-05-28
Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33033
-
EUVD-2026-33034
Score: 6.5/10 (CVSS v3.1)
Product: Kibana
Vendor: Elastic
Updated: 2026-05-28
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections manag...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33034
-
EUVD-2026-33035
Score: 6.3/10 (CVSS v3.1)
Product: Kibana
Vendor: Elastic
Updated: 2026-05-28
Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress control...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33035
-
EUVD-2026-33036
Score: 9.8/10 (CVSS v3.1)
Product: Oracle Hospitality OPERA 5 Property Services, Oracle Hospitality OPERA 5 Property Services, Oracle Hospitality OPERA 5 Property Services (+2 more)
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33036
-
EUVD-2026-33037
Score: 7.9/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33037
-
EUVD-2026-33038
Score: 8.1/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Or...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33038
-
EUVD-2026-33039
Score: 9.9/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Or...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33039
-
EUVD-2026-33040
Score: 9.8/10 (CVSS v3.1)
Product: Oracle Payments
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33040
-
EUVD-2026-33041
Score: 7.4/10 (CVSS v3.1)
Product: Oracle Payments
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with netwo...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33041
-
EUVD-2026-33042
Score: 9.1/10 (CVSS v3.1)
Product: Oracle Internet Procurement Connector
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerabilit...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33042
-
EUVD-2026-33043
Score: 8.5/10 (CVSS v3.1)
Product: Oracle Financials Common Modules
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33043
-
EUVD-2026-33044
Score: 7.7/10 (CVSS v3.1)
Product: Oracle Financials Common Modules
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33044
-
EUVD-2026-33045
Score: 9.9/10 (CVSS v3.1)
Product: Oracle iAssets
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33045
-
EUVD-2026-33046
Score: 7.7/10 (CVSS v3.1)
Product: Oracle Public Sector Financials (International)
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitabl...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33046
-
EUVD-2026-33047
Score: 9.9/10 (CVSS v3.1)
Product: Oracle Universal Work Queue
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerabilit...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33047
-
EUVD-2026-33048
Score: 8.8/10 (CVSS v3.1)
Product: Oracle Payroll
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33048
-
EUVD-2026-33049
Score: 8.8/10 (CVSS v3.1)
Product: Oracle Payroll
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33049
-
EUVD-2026-33050
Score: 8.1/10 (CVSS v3.1)
Product: Oracle Payroll
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33050
-
EUVD-2026-33051
Score: 7.5/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33051
-
EUVD-2026-33052
Score: 5.3/10 (CVSS v3.1)
Product: Oracle REST Data Services
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33052
-
EUVD-2026-33013
Score: 9.0/10 (CVSS v3.1)
Product: Oracle Database Server
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compro...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33013
-
EUVD-2026-33015
Score: 7.5/10 (CVSS v3.1)
Product: Oracle Database Server
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromi...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33015
-
EUVD-2026-33014
Score: 7.5/10 (CVSS v3.1)
Product: Oracle Database Server
Vendor: Oracle Corporation
Updated: 2026-05-28
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromi...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-33014
-
EUVD Daily CVSS Summary
Average Score: 6.96/10 (Medium)
Vulnerabilities: 397
Min: 2.7 | Max: 10.0
Date: 2026-05-27
-
EUVD Daily CVSS Summary
Average Score: 6.74/10 (Medium)
Vulnerabilities: 286
Min: 1.8 | Max: 10.0
Date: 2026-05-26
-
EUVD-2026-32007
Score: 8.3/10 (CVSS v3.1)
Product: velocity.js
Vendor: shepherdwind
Updated: 2026-05-26
Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of #set directives in Velocity templat...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32007
-
EUVD Daily CVSS Summary
Average Score: 6.9/10 (Medium)
Vulnerabilities: 161
Min: 2.1 | Max: 9.3
Date: 2026-05-25
-
EUVD Daily CVSS Summary
Average Score: 6.42/10 (Medium)
Vulnerabilities: 288
Min: 2.3 | Max: 9.8
Date: 2026-05-24
-
EUVD-2026-31622
Score: 5.3/10 (CVSS v3.1)
Product: Employee Management System
Vendor: code-projects
Updated: 2026-05-25
A vulnerability was detected in code-projects Employee Management System 1.0. Affected is an unknown function of the file /myprofileup.php. Performing a manipulation of the argument ID results in cross site scripting. The attack is p...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31622
-
EUVD-2026-31621
Score: 5.3/10 (CVSS v3.1)
Product: Employee Management System
Vendor: code-projects
Updated: 2026-05-25
A flaw has been found in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /changepassemp.php. Executing a manipulation of the argument ID can lead to cross site scri...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31621
-
EUVD-2026-31620
Score: 8.5/10 (CVSS v3.1)
Product: Aterm CM51FD, Aterm MR51FN
Vendor: NEC Platforms, Ltd.
Updated: 2026-05-25
An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product's web console, they may be able to execute arbitrary OS commands via adjacent network.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31620
-
EUVD-2026-31623
Score: 4.8/10 (CVSS v3.1)
Product: Aterm WX4200D5, Aterm WX7800T8, Aterm WX11000T12 (+6 more)
Vendor: NEC Platforms, Ltd.
Updated: 2026-05-25
A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31623
-
EUVD-2026-31626
Score: 5.3/10 (CVSS v3.1)
Product: Employee Management System
Vendor: code-projects
Updated: 2026-05-25
A vulnerability has been found in code-projects Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /empproject.php. The manipulation of the argument ID leads to cross site scripting. It i...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31626
-
EUVD-2026-31625
Score: 5.3/10 (CVSS v3.1)
Product: KLiK SocialMediaWebsite
Updated: 2026-05-25
A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public an...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31625
-
EUVD-2026-31624
Score: 6.9/10 (CVSS v3.1)
Product: KLiK SocialMediaWebsite
Updated: 2026-05-25
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The expl...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31624
-
EUVD-2026-31616
Score: 5.1/10 (CVSS v3.1)
Product: Indian Invoicing System, Indian Invoicing System
Vendor: SourceCodester
Updated: 2026-05-25
A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add_order.php of the component Invoice Template Re...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31616
-
EUVD-2026-31618
Score: 5.3/10 (CVSS v3.1)
Product: Employee Management System
Vendor: code-projects
Updated: 2026-05-25
A weakness has been identified in code-projects Employee Management System 1.0. This affects an unknown function of the file /eloginwel.php. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31618
-
EUVD-2026-31619
Score: 8.5/10 (CVSS v3.1)
Product: NitrorSense V3
Vendor: Acer
Updated: 2026-05-25
NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticat...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31619
-
EUVD-2026-31617
Score: 5.3/10 (CVSS v3.1)
Product: Employee Management System
Vendor: code-projects
Updated: 2026-05-25
A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to cross site scripting. The attack c...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31617
-
EUVD-2024-23947
Score: 5.5/10 (CVSS v3.1)
Product: Linux, Linux, Linux (+24 more)
Vendor: Linux
Published: 2024-04-03 | Updated: 2026-05-23
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential bug in end_buffer_async_write
According to a syzbot report, end_buffer_async_write(), which handles the
completion of blo...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-23947
-
EUVD-2024-23957
Score: n/a
Product: Linux, Linux, Linux (+18 more)
Vendor: Linux
Published: 2024-04-03 | Updated: 2026-05-23
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
The SEV platform device can be shutdown with a null psp_master,
e.g., using DEBUG...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-23957
-
EUVD-2024-23968
Score: n/a
Product: Linux, Linux, Linux (+16 more)
Vendor: Linux
Published: 2024-04-03 | Updated: 2026-05-23
In the Linux kernel, the following vulnerability has been resolved:
parisc: Fix random data corruption from exception handler
The current exception handler implementation, which assists when accessing
user space memory, may ex...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-23968
-
EUVD-2024-23974
Score: 4.4/10 (CVSS v3.1)
Product: Linux, Linux, Linux (+14 more)
Vendor: Linux
Published: 2024-04-03 | Updated: 2026-05-23
In the Linux kernel, the following vulnerability has been resolved:
powerpc/kasan: Fix addr error caused by page alignment
In kasan_init_region, when k_start is not page aligned, at the begin of
for loop, k_cur ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-23974
-
EUVD-2024-23977
Score: n/a
Product: Linux, Linux, Linux (+14 more)
Vendor: Linux
Published: 2024-04-03 | Updated: 2026-05-23
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
In current scenario if Plug-out and Plug-In performed continuously
there could be a cha...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-23977
-
EUVD-2021-33862
Score: n/a
Product: Linux, Linux, Linux (+6 more)
Vendor: Linux
Published: 2024-04-10 | Updated: 2026-05-23
In the Linux kernel, the following vulnerability has been resolved:
hugetlb, userfaultfd: fix reservation restore on userfaultfd error
Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we
bail out using "goto ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-33862
-
EUVD-2021-33840
Score: 5.3/10 (CVSS v3.1)
Product: Linux, Linux, Linux (+12 more)
Vendor: Linux
Published: 2024-04-10 | Updated: 2026-05-23
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: sysfs: Fix hang when device state is set via sysfs
This fixes a regression added with:
commit f0f82e2476f6 ("scsi: core: Fix capac...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-33840
-
EUVD-2021-33843
Score: n/a
Product: Linux, Linux, Linux (+8 more)
Vendor: Linux
Published: 2024-04-10 | Updated: 2026-05-23
In the Linux kernel, the following vulnerability has been resolved:
spi: fix use-after-free of the add_lock mutex
Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on
SPI buses") introduced a per-controller mu...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-33843