330 matches found
EUVD-2026-4541
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
EUVD-2026-4573
The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...
EUVD-2026-4577
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...
EUVD-2026-4590
Not used...
EUVD-2026-4596
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...
EUVD-2026-4282
In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublk_partition_scan_work. A race condition exists between the async partition scan work and device teardown that can lead to a use-after-free of ub->ub_disk: 1. ublk_ctrl_start_dev schedules partition_scan_work...
EUVD-2026-4285
In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off are performed befor...
EUVD-2026-4341
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Reviews: from n/a through <= 3.2.16...
EUVD-2026-4234
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS. This issue affects Penci Pay Writer: from n/a through <= 1.5...
EUVD-2026-4357
Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SumUp Payment Gateway For WooCommerce: from n/a through <= 2.7.9...
EUVD-2026-4379
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS. This issue affects Blockons: from n/a through <= 1.2.15...
EUVD-2026-4373
Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through <= 1.5.5...
EUVD-2026-4402
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again. A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption in the guest under specific circumstances. Add the missing checks...
EUVD-2026-4409
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2026-4421
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and...
EUVD-2026-4445
Not used...
EUVD-2026-4474
WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists...
EUVD-2026-4487
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a...
EUVD-2026-4440
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
EUVD-2026-4465
ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...