249 matches found
EUVD-2026-2112
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2026-2117
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...
EUVD-2026-2171
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally...
EUVD-2026-2108
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2026-2135
Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...
EUVD-2026-2176
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally...
EUVD-2026-2073
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally...
EUVD-2026-2228
Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform...
EUVD-2026-2285
In the Linux kernel, the following vulnerability has been resolved: iouring: fix filename leak in ioopenatprep ioopenatprep allocates a struct filename using getname. However, for the condition of the file being installed in the fixed file table as well as having OCLOEXEC flag set, the function...
EUVD-2026-2292
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...
EUVD-2026-2324
In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchksetupxattrbuf function can allocate a new value buffer, which means that any reference to ab-value before the call could become a dangling pointer. Fix this by moving an assignment t...
EUVD-2026-2330
In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdirpreexit We have been seeing occasional deadlocks on pernetopsrwsem since September in NIPA. The stuck task was usually modprobe often loading a driver like ipvlan, trying to take the lock a...
EUVD-2026-2351
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...
EUVD-2026-2080
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox 147, Firefox ESR 115.32, and Firefox ESR 140.7...
EUVD-2026-2349
The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
EUVD-2026-2378
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidentiality and integrity of the application ,availability is not impacted...
EUVD-2026-2083
Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
EUVD-2026-2270
Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
EUVD-2026-1944
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...
EUVD-2026-1951
Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier...