EUVD-2026-3227

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...

EUVD-2026-3231

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

EUVD-2026-3235

A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks...

EUVD-2026-3247

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksaddplan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

EUVD-2026-2895

DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level...

EUVD-2026-2945

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...

EUVD-2026-3020

EUVD-2026-3020...

EUVD-2026-3017

EUVD-2026-3017...

EUVD-2026-3013

EUVD-2026-3013...

EUVD-2026-3028

EUVD-2026-3028...

EUVD-2026-2825

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

EUVD-2026-2482

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect After the blamed commit below, if the MPC subflow is already in TCPCLOSE status or has fallback to TCP at mptcpdisconnect time, mptcpdofastclose skips setting the sendfastclose flag and t...

EUVD-2026-2491

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer which triggers:...

EUVD-2026-2603

EUVD-2026-2603...

EUVD-2026-2435

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...

EUVD-2026-2117

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

EUVD-2026-2152

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Management Services allows an authorized attacker to elevate privileges locally...

EUVD-2026-2126

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

EUVD-2026-2146

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network...

EUVD-2026-2100

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes...