330 matches found
EUVD-2026-1722
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format...
EUVD-2026-1713
EDIMAX BR-6208AC V21.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing...
EUVD-2026-1479
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...
EUVD-2026-1499
Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fixed in 2.62.4 and 2.62 LTS...
EUVD-2026-1509
A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...
EUVD-2026-1562
A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31...
EUVD-2026-1455
A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...
EUVD-2026-1518
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in [email protected] Scroll rss excerpt scroll-rss-excerpt allows Reflected XSS.This issue affects Scroll rss excerpt: from n/a through = 5.0...
EUVD-2026-1538
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through = 4.0.9...
EUVD-2026-1521
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famousgridimageandvideogallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Galler...
EUVD-2026-1525
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through = 1.5...
EUVD-2026-1557
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Stored XSS.This issue affects WP Virtual Assistant: from n/a through = 3.0...
EUVD-2026-1558
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through = 2.1.0...
EUVD-2026-1537
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in brandexponents Oshine oshin allows PHP Local File Inclusion.This issue affects Oshine: from n/a through = 7.2.7...
EUVD-2026-1534
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through = 1.6.6...
EUVD-2026-1539
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins ListingHub listinghub allows Reflected XSS.This issue affects ListingHub: from n/a through 1.2.6...
EUVD-2026-1488
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updat...
EUVD-2026-1169
OpenLDAP Lightning Memory-Mapped Database LMDB mdbload contains a heap buffer underflow vulnerability in the readline function. When processing malformed input, an unsigned offset calculation can underflow a heap pointer, resulting in an out-of-bounds read of one byte before the allocated heap...
EUVD-2026-1171
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...
EUVD-2026-1200
Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...