1128 matches found

EUVD
added 2026/01/12 4:53 a.m., 3 views

EUVD-2026-1950

Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection. This issue affects DX NetOps Spectrum: 24.3.13 and earlier...

2.3 CVSS, 6.5 AI score, 0.00367 EPSS
Exploits 0, References 2
EUVD
added 2026/01/12 4:47 a.m., 2 views

EUVD-2026-1945

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS. This issue affects DX NetOps Spectrum: 24.3.9 and earlier...

7.1 CVSS, 6.5 AI score, 0.00054 EPSS
Exploits 0, References 2
EUVD
added 2026/01/12 4:42 a.m., 3 views

EUVD-2026-1949

Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation. This issue affects DX NetOps Spectrum: 24.3.10 and earlier...

2.3 CVSS, 6.5 AI score, 0.0008 EPSS
Exploits 0, References 2
EUVD
added 2026/01/11 9:2 a.m., 3 views

EUVD-2026-1902

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...

6.5 CVSS, 6.4 AI score, 0.0002 EPSS
Exploits 0, References 5
EUVD
added 2026/01/11 5:32 a.m., 2 views

EUVD-2026-1905

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to...

9 CVSS, 8.8 AI score, 0.00162 EPSS
Exploits 1, References 5
EUVD
added 2026/01/11 5:2 a.m., 5 views

EUVD-2026-1907

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor...

9 CVSS, 8.8 AI score, 0.00162 EPSS
Exploits 1, References 5
EUVD
added 2026/01/09 5:10 p.m., 1 views

EUVD-2026-1720

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤...

6.9 CVSS, 6.4 AI score, 0.00013 EPSS
Exploits 0, References 7
EUVD
added 2026/01/09 5:2 p.m., 2 views

EUVD-2026-1709

A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...

6.5 CVSS, 6.6 AI score, 0.0001 EPSS
Exploits 1, References 6
EUVD
added 2026/01/09 4:41 p.m., 5 views

EUVD-2026-1714

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the loginerror parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web...

9.3 CVSS, 8.3 AI score, 0.0008 EPSS
Exploits 0, References 6
EUVD
added 2026/01/09 4:15 p.m., 7 views

EUVD-2026-1702

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10 CVSS, 6.9 AI score, 0.00016 EPSS
Exploits 0, References 3
EUVD
added 2026/01/09 4:14 p.m., 1 views

EUVD-2026-1705

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who...

10 CVSS, 7.6 AI score, 0.00034 EPSS
Exploits 0, References 3
EUVD
added 2026/01/09 4:2 p.m., 7 views

EUVD-2026-1729

A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord results in sql injection. It is possible to initiate the attack remotely. Th...

6.5 CVSS, 6.3 AI score, 0.00006 EPSS
Exploits 1, References 6
OSV
added 2026/01/09 12:35 p.m., 1 views

CGA-P2HW-6G52-WQG3

Bulletin has no description...

5.3 CVSS, 6.9 AI score, 0.00019 EPSS
Exploits 0
EUVD
added 2026/01/09 11:16 a.m., 9 views

EUVD-2026-1751

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote attacker could exploit this vulnerability by capturing session cookies...

8.8 CVSS, 6.3 AI score, 0.00017 EPSS
Exploits 0, References 2
EUVD
added 2026/01/09 11:15 a.m., 7 views

EUVD-2026-1735

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpptriggerflushrewriterules function hooked to wpajaxcwpptriggerflushrewriterules. This makes it possible fo...

6.5 CVSS, 5.2 AI score, 0.00016 EPSS
Exploits 1, References 4
EUVD
added 2026/01/09 11:15 a.m., 3 views

EUVD-2026-1740

The Curved Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'radius' parameter of the arctext shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS, 4.7 AI score, 0.00008 EPSS
Exploits 0, References 4
EUVD
added 2026/01/09 9:59 a.m., 3 views

EUVD-2026-1758

This vulnerability allows authenticated attackers to execute commands via the hostname of the device...

10 CVSS, 6.7 AI score, 0.00074 EPSS
Exploits 0, References 2
EUVD
added 2026/01/09 9:19 a.m., 3 views

EUVD-2026-1769

The Entry Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'entry-views' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS, 4.7 AI score, 0.00028 EPSS
Exploits 0, References 5
EUVD
added 2026/01/09 6:34 a.m., 2 views

EUVD-2026-1802

The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the /wp-json/wp/v2/docs/settings REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API ke...

5.3 CVSS, 5.5 AI score, 0.00014 EPSS
Exploits 0, References 3
EUVD
added 2026/01/09 6:34 a.m., 2 views

EUVD-2026-1792

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fh fingerprint parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the database. This makes it...

7.2 CVSS, 4.8 AI score, 0.00034 EPSS
Exploits 0, References 3