EUVD-2026-4452

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

EUVD-2026-4478

Foundation Agents MetaGPT deserializemessage Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this...

EUVD-2026-4113

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through = 4.10.1...

EUVD-2026-3467

The WP Hello Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'digitone' and 'digittwo' parameters in all versions up to, and including, 1.02 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2026-2899

WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...

EUVD-2026-3030

EUVD-2026-3030...

EUVD-2026-2545

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'namedirectoryname' and 'namedirectorydescription' parameters in all versions up to, and including, 1.30.3 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2026-1224

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0...

EUVD-2026-1001

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...

EUVD-2026-1017

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests t...

EUVD-2026-0158

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0319

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0336

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0525

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2026-0610

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

EUVD-2025-205911

Cross-Site Request Forgery CSRF vulnerability in Zoho Mail Zoho ZeptoMail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through 3.3.1...

EUVD-2025-205309

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL...

EUVD-2025-205123

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

EUVD-2025-204733

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stackdepot usage Add missing stackdepotinit call when CONFIGDRMXEDEBUGGUC is enabled to fix the following call stack: BUG: kernel NULL pointer dereference, address: 0000000000000000 Workqueue: drmschedrunjobwork...

EUVD-2025-204290

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...