EUVD-2026-20033

ASDA-Soft Stack-based Buffer Overflow Vulnerability...

EUVD-2026-12480

Authlib Vulnerable to JWE RSA15 Bleichenbacher Padding Oracle...

The Baby Steps of the European Union Vulnerability Database: An Empirical Inquiry

A new European Union Vulnerability Database EUVD was introduced via a legislative act in 2022. The paper examines empirically the meta-data content of the new EUVD. According to the results, actively exploited vulnerabilities archived to the EUVD have been rather severe, having had also high...

EUVD-2026-4556

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

EUVD-2026-4381

Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through = 1.5.7...

EUVD-2026-4417

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure...

EUVD-2026-4422

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure...

EUVD-2026-4459

Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...

EUVD-2026-3898

Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through = 1.2.7...

EUVD-2026-3941

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango: from n/a through = 1.3.3...

EUVD-2026-4032

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through = 10.30.3...

EUVD-2026-4065

Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through = 1.0.5...

EUVD-2026-3693

Not used...

EUVD-2026-3462

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend...

EUVD-2026-3470

Not used...

EUVD-2026-3491

EUVD-2026-3491...

EUVD-2026-2947

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

EUVD-2026-3016

EUVD-2026-3016...

EUVD-2026-2517

External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...

EUVD-2026-2633

EUVD-2026-2633...