PT-2026-36747

CVE-2025-12993 - Apache HTTP Server Cross-Site Scripting Vulnerability CVE ID :CVE-2025-12993 Published : May 1, 2026, 9:16 p.m. | 54 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67968. Reason: This candidate is a reservation duplicate of...

CVE-2017-17456

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14245. Reason: This candidate is a duplicate of CVE-2017-14245. Notes: All CVE users should reference CVE-2017-14245 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...

EUVD-2026-4560

The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

EUVD-2026-4410

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

EUVD-2026-3188

A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtspparsemethod. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product...

EUVD-2026-2979

Not used...

EUVD-2026-2066

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

EUVD-2026-2162

Improper access control in Windows Client-Side Caching CSC Service allows an authorized attacker to disclose information locally...

EUVD-2026-2268

Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

EUVD-2026-1739

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...

EUVD-2026-1773

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...

EUVD-2026-1438

Cross-Site Scripting XSS is present on the ctl00Content01fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. User-supplied input is stored and later rendered in HTML pages without proper output encodi...

EUVD-2026-0868

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Infility Infility Global allows SQL Injection.This issue affects Infility Global: from n/a through 2.14.48...

EUVD-2026-0893

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in putuser loop for DSP events In the DSP event handling code, a putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it could overwrite beyond the buffer...

EUVD-2026-0060

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0054

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0514

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0646

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2025-205312

iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the getjpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/getjpeg endpoint without authentication...

EUVD-2025-204845

This CVE id was assigned but later discarded...