ENISA EU Vulnerability Database
euvd
- Runs in 30d: 0 (0 ok · 0 err)
- Success rate: — (last 30 days)
- Inserted (30d): 0 new rows
- Updated (30d): 0 re-merged rows
Recent runs
| Started | Status | Inserted | Updated | Error / cursor |
|---|---|---|---|---|
| No runs in the last 30 days. | | | | |
Recent vulnerabilities from this source
- CVE-2026-33590 · High · 8.5 · Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings t… · 21 h ago
- CVE-2026-11967 · High · 8.5 · MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the wi… · 22 h ago
- CVE-2026-11879 · High · 8.5 · MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the applicati… · 22 h ago
- CVE-2026-1836 · Medium · 5.3 · The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials. · 22 h ago
- CVE-2026-8464 · High · 8.3 · Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths. This issue… · 2 d ago
- CVE-2026-8335 · High · 7.1 · A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all oth… · 2 d ago
- CVE-2026-47901 · Medium · 4.6 · Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy (… · 3 d ago
- CVE-2026-47900 · Medium · 4.6 · Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" without proper sanitization, allowing the e… · 3 d ago
- CVE-2026-47899 · High · 8.7 · The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer (e.g. via XSS or a malicious plugin), … · 3 d ago
- CVE-2026-9279 · High · 8.7 · Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), the argument string is concatenated with the command and passed to `chil… · 3 d ago
- CVE-2026-10731 · Critical · 9.3 · SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be accessed without prior authentication, all… · 4 d ago
- CVE-2026-42250 · Medium · 4.8 · bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). T… · 8 d ago
- CVE-2026-47325 · Medium · 6.9 · ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The application does not require or prompt use… · 9 d ago
- CVE-2026-47324 · Medium · 5.1 · ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers objects. An authorized attacker (e.g., a teacher or administrator) can inject malicious JavaScri… · 9 d ago
- CVE-2026-8993 · Medium · 6.5 · D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM authentication or SMB connection t… · 10 d ago