EUVD-2026-4165

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

EUVD-2026-4161

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...

EUVD-2026-4176

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

EUVD-2026-3688

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

EUVD-2026-3694

Not used...

CVE-2026-21989

CVE-2026-21989 affects Oracle VM VirtualBox cores in versions 7.1.14 and 7.2.4. The issue allows a high-privilege attacker with local access to compromise VirtualBox, potentially leading to unauthorized data creation/deletion/modification, broader data access, and partial denial of service. The b...

EUVD-2026-3323

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

EUVD-2026-3340

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

EUVD-2026-3327

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

EUVD-2026-3375

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of...

EUVD-2026-3373

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges,...

EUVD-2026-3363

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

EUVD-2026-3421

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...

EUVD-2026-3430

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image...

EUVD-2026-3407

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

EUVD-2026-3411

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

EUVD-2026-3412

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the deleteexistinguserphoto function in all versions up to, and including, 3.9.4. This makes it possible for authenticated attackers, wi...

EUVD-2026-3385

Calling wordexp with WRDEREUSE in conjunction with WRDEAPPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the wewordv member, which on subsequent calls to wordfree may abort the process...

EUVD-2026-3440

Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'category' y 'product' parameters in '/farm/sellproduct.php'...

EUVD-2026-3455

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...