48 matches found
EUVD-2026-1479
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...
EUVD-2026-1205
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...
EUVD-2026-1241
EUVD-2026-1241...
EUVD-2026-1267
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25...
EUVD-2026-1015
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion.This issue affects Frappé: from n/a through 1.8...
EUVD-2026-0974
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729...
EUVD-2026-0909
A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formUser. Such manipulation of the argument passwd1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and...
EUVD-2026-0072
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0119
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0187
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0303
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0428
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2026-0662
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...
EUVD-2025-205871
A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The...
EUVD-2025-205321
Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through...
EUVD-2025-205138
In the Linux kernel, the following vulnerability has been resolved: iouring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performance, and in the worst case scenario OOM the task...
EUVD-2025-204449
Not used...
EUVD-2025-204314
A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...
EUVD-2025-204387
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through 1.2.7...
EUVD-2025-204282
Integer overflow vulnerability in the yuv2ya16Xctemplate function in libswscale/output.c in FFmpeg 8.0...