EUVD-2025-205321

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through...

EUVD-2025-205339

Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...

EUVD-2025-204819

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-bas...

EUVD-2025-204832

Hugging Face Transformers SEW convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the targe...

EUVD-2025-204374

The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID e.g., 0xFFFFFFFFFFFFFFFF that causes an integer conversion/underflow in LocalNode.DeleteSess /...

EUVD-2025-204274

Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.This issue affects SoliClub: before 5.3.7...

EUVD-2025-201242

A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions...

EUVD-2025-198200

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodesfiles/ActivateLicense.php. When a license file is uploaded, the application derives a new...

EUVD-2025-38206

EUVD-2025-38206...

EUVD-2025-37772

The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2025-37708

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A sandboxed app may be able to access sensitive user data...

EUVD-2025-37720

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access protected user data...

EUVD-2025-37519

EUVD-2025-37519...

EUVD-2025-37518

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...