EUVD Bot

@EUVD_Bot

🛡️ Unofficial bot posting new entries from the EU Vulnerability Database (EUVD).

🔔 Stay updated on the latest security vulnerabilities.
🤖 Automated • Not affiliated with ENISA or the EU

#InfoSec #Cybersecurity #Vulnerabilities #EUVD

Maintainer: https://infosec.exchange/@moltenbit

🚨 EUVD-2026-38135

📊 Score: 3.7/10 (CVSS v3.1)
📦 Product: Savane
🏢 Vendor: GNU
📅 Updated: 2026-06-20

📝 GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38135

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

🚨 EUVD-2025-210290

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: vllm
🏢 Vendor: vLLM
📅 Updated: 2026-06-20

📝 vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catas...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-210290

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-38129

📊 Score: 8.7/10 (CVSS v3.1)
📦 Product: vllm
🏢 Vendor: vLLM
📅 Updated: 2026-06-20

📝 vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38129

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-38130

📊 Score: 8.7/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: AVideo
📅 Updated: 2026-06-20

📝 AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all p...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38130

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-38131

📊 Score: 6.1/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: AVideo
📅 Updated: 2026-06-20

📝 AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL() validation and accepts requests to ...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38131

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-38132

📊 Score: 9.2/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: AVideo
📅 Updated: 2026-06-20

📝 AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38132

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-38133

📊 Score: 6.9/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: AVideo
📅 Updated: 2026-06-20

📝 AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform serv...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38133

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-38134

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: AVideo
🏢 Vendor: WWBN
📅 Updated: 2026-06-20

📝 AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fi...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38134

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-38128

📊 Score: 9.9/10 (CVSS v3.1)
📦 Product: prefecthq/prefect
🏢 Vendor: prefecthq
📅 Updated: 2026-06-20

📝 Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to git commands, lacks validation and does not inclu...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38128

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2024-55642

📊 Score: 9.3/10 (CVSS v3.1)
📦 Product: Flowise
🏢 Vendor: Flowise
📅 Updated: 2026-06-20

📝 Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allo...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-55642

#cybersecurity #infosec #euvd #cve #vulnerability
