513 matches found
EUVD-2026-20033
ASDA-Soft Stack-based Buffer Overflow Vulnerability...
EUVD-2026-12480
Authlib Vulnerable to JWE RSA15 Bleichenbacher Padding Oracle...
EUVD-2026-10872
liquidjs has a path traversal fallback vulnerability...
The Baby Steps of the European Union Vulnerability Database: An Empirical Inquiry
A new European Union Vulnerability Database EUVD was introduced via a legislative act in 2022. The paper examines empirically the meta-data content of the new EUVD. According to the results, actively exploited vulnerabilities archived to the EUVD have been rather severe, having had also high...
EUVD-2026-4556
The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...
EUVD-2026-4573
The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...
EUVD-2026-4577
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...
EUVD-2026-4588
Not used...
EUVD-2026-4596
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement CloudPagesUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...
EUVD-2026-4296
LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup...
EUVD-2026-4282
In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublkpartitionscanwork A race condition exists between the async partition scan work and device teardown that can lead to a use-after-free of ub-ubdisk: 1. ublkctrlstartdev schedules partitionscanwork...
EUVD-2026-4285
In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off are performed befor...
EUVD-2026-4317
In the Linux kernel, the following vulnerability has been resolved: idpf: detach and close netdevs while handling a reset Protect the reset path from callbacks by setting the netdevs to detached state and close any netdevs in UP state until the reset handling has completed. During a reset, the...
EUVD-2026-4307
In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skbsegmentlist for GRO packets When skbsegmentlist is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation logic in skbsegmentlist...
EUVD-2026-4316
Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.10.1...
EUVD-2026-4342
Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through = 2.1.10...
EUVD-2026-4234
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through = 1.5...
EUVD-2026-4358
Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through = 1.8.1.5...
EUVD-2026-4357
Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from n/a through = 2.7.9...
EUVD-2026-4377
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through = 1.1.3...