EUVD-2026-1800

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

EUVD-2026-1783

Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock...

EUVD-2026-1789

Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB...

EUVD-2026-1788

Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code...

EUVD-2026-1819

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

EUVD-2026-1724

An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly...

EUVD-2026-1715

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profi...

EUVD-2026-1717

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluidsynthmonopoly.c, that can be triggered when loading an invalid midi file...

EUVD-2026-1448

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39...

EUVD-2026-1482

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23...

EUVD-2026-1565

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...

EUVD-2026-1566

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

EUVD-2026-1572

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

EUVD-2026-1577

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webaware NextGEN Download Gallery nextgen-download-gallery allows Retrieve Embedded Sensitive Data.This issue affects NextGEN Download Gallery: from n/a through = 1.6.2...

EUVD-2026-1544

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through 2.0.19...

EUVD-2026-1433

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through 2.4...

EUVD-2026-1456

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through 3.3...

EUVD-2026-1554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vernon Systems Limited eHive Search ehive-search allows Reflected XSS.This issue affects eHive Search: from n/a through = 2.5.0...

EUVD-2026-1430

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion.This issue affects Corpkit: from n/a through = 2.0...

EUVD-2026-1526

Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through = 5.4.30...